Multiple XSS vulnerabilities in Liferay Portal

Published: 2017-08-16 16:17:41
Severity: Low
Patch available: YES
Number of vulnerabilities: 6
CVE ID: CVE-2017-12645, CVE-2016-10404, CVE-2017-12649, CVE-2017-12648, CVE-2017-12647, CVE-2017-12646
CVSSv3 (listed once per vulnerability, identical for all six): 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-79
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Liferay Enterprise Portal
Vulnerable software versions: Liferay Enterprise Portal 7.0.2 GA3
Vendor URL: Liferay

Security Advisory

1) Cross-site scripting

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Remediation

Update to version 7.0 CE GA4.

External links

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_... 
https://issues.liferay.com/browse/LPS-72307

2) Cross-site scripting

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "redirect" HTTP GET parameter to the "modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp" script. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Remediation

Update to version 7.0 CE GA4.

External links

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_...
https://github.com/liferay/liferay-portal/commit/333f65bae9106182d12e02d249d4f95e16e93fa2

3) Cross-site scripting

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via a specially crafted title or summary. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Remediation

Update to version 7.0 CE GA4.

External links

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_...
https://github.com/brianchandotcom/liferay-portal/pull/47579

4) Cross-site scripting

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via a bookmark URL. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Remediation

Update to version 7.0 CE GA4.

External links

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_...
https://github.com/brianchandotcom/liferay-portal/pull/47888
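
Vulnerabilities 2 and 4 both involve a user-supplied URL (the "redirect" parameter and a bookmark URL). The Java sketch below is an added example, not Liferay's code or its actual fix: it shows a scheme allowlist combined with output encoding, assuming the value is written into a quoted HTML attribute such as href. The class name, method names, fallback value and sample inputs are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added illustration; SafeUrlOutput and its methods are hypothetical names, not Liferay APIs.
public class SafeUrlOutput {
    // Assumption: only web links are legitimate in a redirect or bookmark field.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    // Returns raw if it is a site-relative path or an absolute http(s) URL, else fallback.
    static String safeUrl(String raw, String fallback) {
        if (raw == null) return fallback;
        String s = raw.trim();
        // Browsers ignore tabs/newlines inside a URL, so "java\tscript:" must not slip through.
        if (s.isEmpty() || s.chars().anyMatch(Character::isISOControl)) return fallback;
        if (s.startsWith("/")) return s; // relative path: no scheme to abuse, still encoded on output
        try {
            URI uri = new URI(s);
            String scheme = uri.getScheme();
            if (scheme == null || uri.getHost() == null) return fallback;
            return ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT)) ? s : fallback;
        } catch (URISyntaxException e) {
            return fallback; // unparseable input is rejected rather than repaired
        }
    }

    // Encodes a value for element text or a quoted HTML attribute.
    static String escapeHtml(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two legitimate links, a non-web scheme, an attribute breakout.
        String[] samples = {"/web/guest/home", "https://example.com/a?x=1&y=2",
                "javascript:void(0)", "/web/guest\" data-x=\"1"};
        for (String s : samples)
            System.out.println("<a href=\"" + escapeHtml(safeUrl(s, "/")) + "\">link</a>");
    }
}
```

The last sample passes the scheme check because it is a relative path, which is why the encoding step is applied to every value regardless of the validation result. A value written into a script block instead of an attribute needs JavaScript-context encoding rather than escapeHtml.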

5) Cross-site scripting

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via a Knowledge Base article title. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Remediation

Update to version 7.0 CE GA4.

External links

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_... 
https://github.com/brianchandotcom/liferay-portal/pull/48901

6) Cross-site scripting

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via a login name, password, or e-mail address. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Remediation

Update to version 7.0 CE GA4.

External links

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_...
https://github.com/brianchandotcom/liferay-portal/pull/49833
