Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...

Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting Vulnerability

Exploit for jsp platform in category web applications Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code calling the ” /...

Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting

Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code...

Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting

Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code calling the ” / JSP taglib, appending a payload like the following to...

CVE-2019-6588

In CVE-2019-6588, Liferay Portal versions prior to 7.1 CE GA4 are vulnerable via the SimpleCaptcha API. The XSS occurs when unsanitized input is passed into the url parameter of the JSP taglibs or . Liferay Portal out-of-the-box behavior with no customizations is not vulnerable. The vulnerabilit...