Medium severity6.1NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026
CVE-2017-12646
CVE-2017-12646
Description
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay.portal:release.portal.bomMaven | < 7.0.3-GA4 | 7.0.3-GA4 |
com.liferay:com.liferay.login.authentication.openid.connect.webMaven | >= 1.0.0, < 1.0.1 | 1.0.1 |
com.liferay:com.liferay.login.webMaven | < 1.1.20 | 1.1.20 |
Affected products
4- ghsa-coords3 versionspkg:maven/com.liferay/com.liferay.login.authentication.openid.connect.webpkg:maven/com.liferay/com.liferay.login.webpkg:maven/com.liferay.portal/release.portal.bom
>= 1.0.0, < 1.0.1+ 2 more
- (no CPE)range: >= 1.0.0, < 1.0.1
- (no CPE)range: < 1.1.20
- (no CPE)range: < 7.0.3-GA4
Patches
Vulnerability mechanics
References
6- dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilitiesnvdIssue TrackingPatchVendor AdvisoryWEB
- github.com/brianchandotcom/liferay-portal/pull/49833nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-8gqf-26xw-x3gxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12646ghsaADVISORY
- github.com/liferay/liferay-portal/commit/5549148045125f000d968132235db5b1c2c18b60ghsaWEB
- github.com/liferay/liferay-portal/commit/79bffe0f2e74daef88ed9775e92bdfa2d56add93ghsaWEB
News mentions
0No linked articles in our index yet.