CVE-2017-12645
https://notcve.org/view.php?id=CVE-2017-12645
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un portletId no válido. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://issues.liferay.com/browse/LPS-72307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12649
https://notcve.org/view.php?id=CVE-2017-12649
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un resumen o título manipulado que no se administra correctamente en el Web Content Display. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/47579 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12648
https://notcve.org/view.php?id=CVE-2017-12648
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante una marcador URL. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/47888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12646
https://notcve.org/view.php?id=CVE-2017-12646
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un nombre de inicio de sesión, contraseña o dirección de email. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/49833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12647
https://notcve.org/view.php?id=CVE-2017-12647
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un título de artículo de Knowledge Base. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/48901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •