CVE-2017-1000425
CVE-2017-1000425 is a cross-site scripting vulnerability in Liferay Portal CE 7.0 GA4 and older, exploitable via a javascript: URI in the movie parameter of /html/portal/flash.jsp. Affected component: flash.jsp in the portal; root cause: insufficient input sanitization of the movie parameter lead...