CVE-2019-16147 | SynScan

Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2019-16147

Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.

Published: Sep 9, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-16147
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
liferay / liferay_portal	-	7.2.0
liferay / liferay_portal	7.2.0-alpha1	7.2.0-alpha1.x
liferay / liferay_portal	7.2.0-beta1	7.2.0-beta1.x
liferay / liferay_portal	7.2.0-beta2	7.2.0-beta2.x
liferay / liferay_portal	7.2.0-beta3	7.2.0-beta3.x
liferay / liferay_portal	7.2.0-rc2	7.2.0-rc2.x
liferay / liferay_portal	7.2.0-rc3	7.2.0-rc3.x
liferay / liferay_portal	7.2.0-milestone2	7.2.0-milestone2.x
liferay / liferay_portal	7.2.0-ga1	7.2.0-ga1.x

https://github.com/liferay/liferay-portal/commit/7e063aed70f947a92bb43a4471e0c4e650fe8f7f