7.0.4

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-03	CVE-2019-6588	Cross-site Scripting vulnerability in Liferay Portal In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. network high complexity liferay CWE-79	4.7