CVE-2019-6588 – Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-6588

03 Jun 2019 — In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call or . Liferay Portal out-of-the-box behavior with no customizations is not vulnerable. En el Portal Liferay anterior a 7.1 CE GA4, existe una vulnerabilidad de XSS en la API SimpleCaptcha cuando el código personalizado pasa una entrada sin autorizac... • https://packetstorm.news/files/id/153252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •