Main Vulnerability Database Exploits ID:5922 - Exploit for Cross-site scripting in Liferay Enterprise Portal - CVE-2019-6588

ID:5922 - Exploit for Cross-site scripting in Liferay Enterprise Portal - CVE-2019-6588

Published: June 17, 2021

Vulnerability identifier: #VU35859

Vulnerability risk: Low

CVE-ID: CVE-2019-6588

CWE-ID: CWE-79

Exploitation vector: Remote access

Vulnerable software:
Liferay Enterprise Portal

Link to public exploit:

https://www.exploit-db.com/exploits/46983/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

Remediation

Install update from vendor's website.

ID:5922 - Exploit for Cross-site scripting in Liferay Enterprise Portal - CVE-2019-6588

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human