CVE-2016-10404
CVE-2016-10404 affects Liferay Portal prior to 7.0 CE GA4. A crafted redirect value in the init.jsp flow (modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp) enables cross-site scripting (XSS). The vulnerability arises from how the redirect fiel...