Vulnerabilities > Liferay > Liferay Portal > 7.0.3

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2019-6588 Cross-site Scripting vulnerability in Liferay Portal
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />.
network
high complexity
liferay CWE-79
4.7
4.7
2018-01-02 CVE-2017-1000425 Cross-site Scripting vulnerability in Liferay Portal
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
network
low complexity
liferay CWE-79
6.1
6.1