Medium severity6.1NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026
CVE-2017-12645
CVE-2017-12645
Description
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay.portal:release.portal.bomMaven | < 7.0.3-ga4 | 7.0.3-ga4 |
Affected products
2Patches
Vulnerability mechanics
References
11- dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilitiesnvdIssue TrackingPatchVendor Advisory
- github.com/advisories/GHSA-cvrj-cw2f-25qwghsaADVISORY
- issues.liferay.com/browse/LPS-72307nvdIssue TrackingVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-12645ghsaADVISORY
- github.com/liferay/liferay-portal/commit/122b0dd9ca729a4df0f06fe01b3648755c5048f9ghsaWEB
- github.com/liferay/liferay-portal/commit/6f2bd2569c78677b9eeab83ae42d3610a0e07b13ghsaWEB
- github.com/liferay/liferay-portal/commit/89c4514fc7d55a618c01483b987219298e3a4d36ghsaWEB
- github.com/liferay/liferay-portal/commit/bbb8bc90c2d11710ff09b7a36970510997b70c59ghsaWEB
- github.com/liferay/liferay-portal/commit/c6d7707c2e9872c7d5197001f292407ca7cbaf2eghsaWEB
- github.com/liferay/liferay-portal/commit/f30571c3502551945ba7497e8d80e8b2295f1026ghsaWEB
- web.archive.org/web/20201001000000*/https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilitiesghsaWEB
News mentions
0No linked articles in our index yet.