3 matches found
com.liferay:com.liferay.adaptive.media.web (>=1.0.0 <=1.0.6), com.liferay:com.liferay.amazon.rankings.web (>=1.0.0 <=1.0.14) +128 more potentially affected by CVE-2017-12648 via com.liferay:com.liferay.frontend.taglib (>=1.0.0 <=2.1.0)
com.liferay:com.liferay.frontend.taglib MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.11 and more Source cves: CVE-2017-12648 Source advisory: OSV:GHSA-CM99-X97G-9QX8...
CVE-2017-12648
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL...
CVE-2017-12648
CVE-2017-12648 affects Liferay Portal before 7.0 CE GA4 and is a cross-site scripting (XSS) issue exploitable via a bookmark URL. Public details indicate the vulnerability stems from com.liferay.frontend.taglib not escaping the value attribute in bookmark URLs, enabling script injection. NVD data...