4.7
CVE-2019-6588
- EPSS 0.69%
- Published 03.06.2019 20:29:01
- Last modified 21.11.2024 04:46:45
- Source cve@mitre.org
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
Data is provided by the National Vulnerability Database (NVD)
Liferay ≫ Liferay Portal SwEdition community Version <= 6.0.6
Liferay ≫ Liferay Portal Version 6.1.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update b3 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update b4 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.0 Update rc1 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.1 Update ga2 SwEdition community
Liferay ≫ Liferay Portal Version 6.1.2 Update ga3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m4 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m5 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update m6 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc1 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc4 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc5 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.0 Update rc6 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.1 Update ga2 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.2 Update ga3 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.3 Update ga4 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.4 Update ga5 SwEdition community
Liferay ≫ Liferay Portal Version 6.2.5 Update ga6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update a5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update b7 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m1 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.0 Update m7 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.1 Update ga2 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.2 Update ga3 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.3 Update ga4 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.4 Update ga5 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.5 Update ga6 SwEdition community
Liferay ≫ Liferay Portal Version 7.0.6 Update ga7 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update a1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update a2 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update b1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update b2 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update b3 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update ga1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update m1 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update m2 SwEdition community
Liferay ≫ Liferay Portal Version 7.1.0 Update rc1 SwEdition community
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.69% | 0.694 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.7 | 1.6 | 2.7 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
nvd@nist.gov | 2.6 | 4.9 | 2.9 | AV:N/AC:H/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.