4.7
CVE-2019-6588
- EPSS 0.69%
- Published 03.06.2019 20:29:01
- Last modified 21.11.2024 04:46:45
- Source cve@mitre.org
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
Data provided by the National Vulnerability Database (NVD)
Liferay ≫ Liferay Portal SwEdition community Version <= 6.0.6
Liferay ≫ Liferay Portal Version 6.1.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update b3 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update b4 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update rc1 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.1 Update ga2 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.2 Update ga3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m4 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m5 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m6 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc4 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc5 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc6 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.1 Update ga2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.2 Update ga3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.3 Update ga4 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.4 Update ga5 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.5 Update ga6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b7 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m7 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.1 Update ga2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.2 Update ga3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.3 Update ga4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.4 Update ga5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.5 Update ga6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.6 Update ga7 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update a1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update a2 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update b3 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update m1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update m2 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update rc1 SwEdition community
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.71 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1.6 | 2.7 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 2.6 | 4.9 | 2.9 | AV:N/AC:H/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.