Lucene search
Veracode Vulnerability DatabaseVERACODE:25552HistoryJun 02, 2020 - 4:26 a.m.
Cross-site Scripting (XSS)
2020-06-0204:26:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
EPSS
0.001
Percentile
37.0%
com.liferay.asset.browser.web is vulnerable to cross-site scripting (XSS). The vulnerability exists as the values of assetRenderer.getTitle(locale) and assetRenderer.getSummary(renderRequest, renderResponse) in resources/view.jsp is not sanitized.
References
dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
github.com/brianchandotcom/liferay-portal//commit/92c17a6ce69b0780eb0b6da6d399f8dff5703576
github.com/brianchandotcom/liferay-portal/pull/47579
Related
prion
prion
Cross site scripting
2017-08-07 16:29:00
cvelist
cvelist
CVE-2017-12649
2017-08-07 16:00:00
cve
cve
CVE-2017-12649
2017-08-07 16:29:00
nvd
nvd
CVE-2017-12649
2017-08-07 16:29:00