Lucene search
GoogleOSV:CVE-2019-6588HistoryJun 03, 2019 - 8:29 p.m.
CVE-2019-6588
2019-06-0320:29:01
Google
osv.dev
4
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the “url” parameter of the JSP taglib call <liferay-ui:captcha url=“<%= url %>” /> or <liferay-captcha:captcha url=“<%= url %>” />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| liferay-portal | eq | 6.1.0-b1 | |
| liferay-portal | eq | 6.1.0-b2 |
Related
cve
cve
CVE-2019-6588
2019-06-03 20:29:01
openvas
openvas
Liferay Portal < 7.0 GA4 Multiple Vulnerabilities
2019-06-11 00:00:00
packetstorm
packetstorm
Liferay Portal 7.1 CE GA4 Cross Site Scripting
2019-06-11 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-06-02 04:42:59
cvelist
cvelist
CVE-2019-6588
2019-06-03 19:43:42
prion
prion
Cross site scripting
2019-06-03 20:29:00
nvd
nvd
CVE-2019-6588
2019-06-03 20:29:01
zdt
zdt
exploitdb
exploitdb
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
2019-06-11 00:00:00
exploitpack
exploitpack
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting
2019-06-11 00:00:00