com.liferay.frontend.js.spa.web is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the Liferay.SPA.loginRedirect
parameter.
CPE | Name | Operator | Version |
---|---|---|---|
com.liferay.frontend.js.spa.web | le | 1.0.13 | |
com.liferay.frontend.js.spa.web | le | 1.0.13 |
dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
github.com/liferay/liferay-portal/commit/333f65bae9106182d12e02d249d4f95e16e93fa2
jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-008756.html
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/113764592