Lucene search
Veracode Vulnerability DatabaseVERACODE:25554HistoryJun 02, 2020 - 4:55 a.m.
Cross-Site Scripting (XSS)
2020-06-0204:55:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
33.7%
com.liferay.frontend.js.spa.web is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the Liferay.SPA.loginRedirect parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.liferay.frontend.js.spa.web | le | 1.0.13 | |
| com.liferay.frontend.js.spa.web | le | 1.0.13 |
References
dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
github.com/liferay/liferay-portal/commit/333f65bae9106182d12e02d249d4f95e16e93fa2
jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-008756.html
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/113764592
Related
cvelist
cvelist
CVE-2016-10404
2022-10-03 16:16:39
cve
cve
CVE-2016-10404
2022-10-03 16:16:39
prion
prion
Cross site scripting
2017-08-07 16:29:00
osv
osv
CVE-2016-10404
2017-08-07 16:29:00
nvd
nvd
CVE-2016-10404
2017-08-07 16:29:00