logo

Database

Server side cross-site scripting In com.liferay:com.liferay.journal.taglib

Description

Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via a Journal Article Title Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-161472. NVD-2019-161473. OSV-2019-161474. GCVE-2019-16147

References

1. https://github.com/liferay/liferay-portal/commit/7e063aed70f947a92bb43a4471e0c4e650fe8f7f

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.