MGASA-2023-0138 Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...

Cross-site Scripting (XSS)

com.liferay.login.web is vulnerable to cross-site scripting XSS. The vulnerability exists as it does not properly escape the values upe.regex, authType, login, userEmailAddress, userPassword, userEmailAddress, and emailAddress in multiple locations...