CVE-2017-12645
CVE-2017-12645 is an XSS in Liferay Portal prior to 7.0 CE GA4, exploitable via an invalid portletId. Affected component: com.liferay.portal:com.liferay.portal.impl. Root cause is improper handling of portletId input leading to script injection. Remediation available: upgrade to Liferay Portal 7....