Design/Logic Flaw

2019-09-0921:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

34.0%

JSON

Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.

CPENameOperatorVersion
liferay_portallt7.2.0
liferay_portaleq7.2.0 alpha1
liferay_portaleq7.2.0 beta1
liferay_portaleq7.2.0 beta2
liferay_portaleq7.2.0 beta3
liferay_portaleq7.2.0 rc2
liferay_portaleq7.2.0 rc3
liferay_portaleq7.2.0 milestone2
liferay_portaleq7.2.0 ga1

Name	Operator	Version
liferay_portal	lt	7.2.0
liferay_portal	eq	7.2.0 alpha1
liferay_portal	eq	7.2.0 beta1
liferay_portal	eq	7.2.0 beta2
liferay_portal	eq	7.2.0 beta3
liferay_portal	eq	7.2.0 rc2
liferay_portal	eq	7.2.0 rc3
liferay_portal	eq	7.2.0 milestone2
liferay_portal	eq	7.2.0 ga1

References

github.com/liferay/liferay-portal/commit/7e063aed70f947a92bb43a4471e0c4e650fe8f7f

0.001 Low

EPSS

Percentile

34.0%

JSON

Related for PRION:CVE-2019-16147