CVE-2019-6588

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
Cross-site Scripting
Provider  Type  Base Score (CVSS 3.x)  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      NIST  4.7 MEDIUM             NETWORK      HIGH             NONE            CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
mitre     CNA   ---                    ---
CVE       ADP   ---                    ---

EPSS Score Percentile: 70%
Vendor   Product         Version
liferay  liferay_portal  𝑥 ≤ 6.0.6
liferay  liferay_portal  𝑥 6.1.0:b1
liferay  liferay_portal  𝑥 6.1.0:b2
liferay  liferay_portal  𝑥 6.1.0:b3
liferay  liferay_portal  𝑥 6.1.0:b4
liferay  liferay_portal  𝑥 6.1.0:ga1
liferay  liferay_portal  𝑥 6.1.0:rc1
liferay  liferay_portal  𝑥 6.1.1:ga2
liferay  liferay_portal  𝑥 6.1.2:ga3
liferay  liferay_portal  𝑥 6.2.0:b1
liferay  liferay_portal  𝑥 6.2.0:b2
liferay  liferay_portal  𝑥 6.2.0:ga1
liferay  liferay_portal  𝑥 6.2.0:m1
liferay  liferay_portal  𝑥 6.2.0:m2
liferay  liferay_portal  𝑥 6.2.0:m3
liferay  liferay_portal  𝑥 6.2.0:m4
liferay  liferay_portal  𝑥 6.2.0:m5
liferay  liferay_portal  𝑥 6.2.0:m6
liferay  liferay_portal  𝑥 6.2.0:rc1
liferay  liferay_portal  𝑥 6.2.0:rc2
liferay  liferay_portal  𝑥 6.2.0:rc3
liferay  liferay_portal  𝑥 6.2.0:rc4
liferay  liferay_portal  𝑥 6.2.0:rc5
liferay  liferay_portal  𝑥 6.2.0:rc6
liferay  liferay_portal  𝑥 6.2.1:ga2
liferay  liferay_portal  𝑥 6.2.2:ga3
liferay  liferay_portal  𝑥 6.2.3:ga4
liferay  liferay_portal  𝑥 6.2.4:ga5
liferay  liferay_portal  𝑥 6.2.5:ga6
liferay  liferay_portal  𝑥 7.0.0:a1
liferay  liferay_portal  𝑥 7.0.0:a2
liferay  liferay_portal  𝑥 7.0.0:a3
liferay  liferay_portal  𝑥 7.0.0:a4
liferay  liferay_portal  𝑥 7.0.0:a5
liferay  liferay_portal  𝑥 7.0.0:b1
liferay  liferay_portal  𝑥 7.0.0:b2
liferay  liferay_portal  𝑥 7.0.0:b3
liferay  liferay_portal  𝑥 7.0.0:b4
liferay  liferay_portal  𝑥 7.0.0:b5
liferay  liferay_portal  𝑥 7.0.0:b6
liferay  liferay_portal  𝑥 7.0.0:b7
liferay  liferay_portal  𝑥 7.0.0:ga1
liferay  liferay_portal  𝑥 7.0.0:m1
liferay  liferay_portal  𝑥 7.0.0:m2
liferay  liferay_portal  𝑥 7.0.0:m3
liferay  liferay_portal  𝑥 7.0.0:m4
liferay  liferay_portal  𝑥 7.0.0:m5
liferay  liferay_portal  𝑥 7.0.0:m6
liferay  liferay_portal  𝑥 7.0.0:m7
liferay  liferay_portal  𝑥 7.0.1:ga2
liferay  liferay_portal  𝑥 7.0.2:ga3
liferay  liferay_portal  𝑥 7.0.3:ga4
liferay  liferay_portal  𝑥 7.0.4:ga5
liferay  liferay_portal  𝑥 7.0.5:ga6
liferay  liferay_portal  𝑥 7.0.6:ga7
liferay  liferay_portal  𝑥 7.1.0:a1
liferay  liferay_portal  𝑥 7.1.0:a2
liferay  liferay_portal  𝑥 7.1.0:b1
liferay  liferay_portal  𝑥 7.1.0:b2
liferay  liferay_portal  𝑥 7.1.0:b3
liferay  liferay_portal  𝑥 7.1.0:ga1
liferay  liferay_portal  𝑥 7.1.0:m1
liferay  liferay_portal  𝑥 7.1.0:m2
liferay  liferay_portal  𝑥 7.1.0:rc1

𝑥 = Vulnerable software versions