EPSS
Percentile
37.0%
Liferay portal-impl is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize the portletID field when a portlet is deployed, allowing a malicious user to inject and execute arbitrary web script.
dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
issues.liferay.com/browse/LPS-72307