portal-service is vulnerable to cross-site scripting (XSS). The library does not sanitize the Public Render Parameter p_r_p
value, allowing the attacker to inject arbitrary script through it.
CPE | Name | Operator | Version |
---|---|---|---|
liferay portal service | eq | 6.1.0 |