VYPR
Medium severity · 6.1 · NVD Advisory · Published Aug 7, 2017 · Updated May 13, 2026

CVE-2017-12646

Description

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Ecosystem | Affected versions | Patched versions
com.liferay.portal:release.portal.bom | Maven | < 7.0.3-GA4 | 7.0.3-GA4
com.liferay:com.liferay.login.authentication.openid.connect.web | Maven | >= 1.0.0, < 1.0.1 | 1.0.1
com.liferay:com.liferay.login.web | Maven | < 1.1.20 | 1.1.20

Affected products

1
  • cpe:2.3:a:liferay:liferay_portal:*:ga3:*:*:*:*:*:*
    Range: <=7.0

Patches

2
554914804512

LPS-73087 Fix other possible places

https://github.com/liferay/liferay-portal · Tomáš Polešovský · Jun 21, 2017 · via ghsa
5 files changed · +8 -8
  • modules/apps/foundation/login/login-authentication-openid-connect-web/src/main/resources/META-INF/resources/com.liferay.login.web/openid_connect.jsp+1 1 modified
    @@ -31,7 +31,7 @@
     		for (String openIdConnectProviderName : openIdConnectProviderNames) {
     		%>
     
    -			<aui:option label="<%= HtmlUtil.escape(openIdConnectProviderName) %>" value="<%= openIdConnectProviderName %>" />
    +			<aui:option label="<%= HtmlUtil.escape(openIdConnectProviderName) %>" value="<%= HtmlUtil.escapeAttribute(openIdConnectProviderName) %>" />
     
     		<%
     		}
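
Review bot: On the changed aui:option line the label goes through HtmlUtil.escape and the value through HtmlUtil.escapeAttribute, but nothing in the hunk says whether the aui:option tag encodes its value attribute itself. If it does, a provider name containing & or quotes would be encoded twice and the submitted value would no longer match the configured name; please confirm the tag's behaviour and add a test with such a name.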
    
  • modules/apps/foundation/login/login-web/src/main/resources/META-INF/resources/create_account.jsp+1 1 modified
    @@ -96,7 +96,7 @@ birthdayCalendar.set(Calendar.YEAR, 1970);
     		UserPasswordException.MustComplyWithRegex upe = (UserPasswordException.MustComplyWithRegex)errorException;
     		%>
     
    -		<liferay-ui:message arguments="<%= upe.regex %>" key="that-password-does-not-comply-with-the-regular-expression" translateArguments="<%= false %>" />
    +		<liferay-ui:message arguments="<%= HtmlUtil.escape(upe.regex) %>" key="that-password-does-not-comply-with-the-regular-expression" translateArguments="<%= false %>" />
     	</liferay-ui:error>
     
     	<liferay-ui:error exception="<%= UserPasswordException.MustMatch.class %>" message="the-passwords-you-entered-do-not-match" />
    
  • modules/apps/foundation/login/login-web/src/main/resources/META-INF/resources/forgot_password.jsp+2 2 modified
    @@ -39,7 +39,7 @@ if (reminderAttempts == null) {
     
     	<liferay-ui:error exception="<%= CaptchaConfigurationException.class %>" message="a-captcha-error-occurred-please-contact-an-administrator" />
     	<liferay-ui:error exception="<%= CaptchaTextException.class %>" message="text-verification-failed" />
    -	<liferay-ui:error exception="<%= NoSuchUserException.class %>" message='<%= "the-" + TextFormatter.format(authType, TextFormatter.K) + "-you-requested-is-not-registered-in-our-database" %>' />
    +	<liferay-ui:error exception="<%= NoSuchUserException.class %>" message='<%= "the-" + TextFormatter.format(HtmlUtil.escape(authType), TextFormatter.K) + "-you-requested-is-not-registered-in-our-database" %>' />
     	<liferay-ui:error exception="<%= RequiredReminderQueryException.class %>" message="you-have-not-configured-a-reminder-query" />
     	<liferay-ui:error exception="<%= SendPasswordException.MustBeEnabled.class %>" message="password-recovery-is-disabled" />
     	<liferay-ui:error exception="<%= UserActiveException.class %>" message="your-account-is-not-active" />
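
Review bot: In the NoSuchUserException line, HtmlUtil.escape(authType) is applied to the input of TextFormatter.format rather than to the string that is finally rendered, so the TextFormatter.K transformation runs over entity-encoded text and the result is spliced into a message key. Since the value selects a message key, checking authType against the expected values before building the key (and falling back to a fixed key otherwise) would be more robust than escaping inside the formatter call.
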
    @@ -133,7 +133,7 @@ if (reminderAttempts == null) {
     					%>
     
     					<div class="alert alert-info">
    -						<liferay-ui:message arguments="<%= login %>" key="a-new-password-will-be-sent-to-x-if-you-can-correctly-answer-the-following-question" translateArguments="<%= false %>" />
    +						<liferay-ui:message arguments="<%= HtmlUtil.escape(login) %>" key="a-new-password-will-be-sent-to-x-if-you-can-correctly-answer-the-following-question" translateArguments="<%= false %>" />
     					</div>
     
     					<aui:input autoFocus="<%= true %>" label="<%= HtmlUtil.escape(LanguageUtil.get(request, user2.getReminderQueryQuestion())) %>" name="answer" type="text" />
    
  • modules/apps/foundation/login/login-web/src/main/resources/META-INF/resources/login.jsp+3 3 modified
    @@ -84,7 +84,7 @@
     									<liferay-ui:message key="thank-you-for-creating-an-account" />
     
     									<c:if test="<%= company.isStrangersVerify() %>">
    -										<liferay-ui:message arguments="<%= userEmailAddress %>" key="your-email-verification-code-was-sent-to-x" translateArguments="<%= false %>" />
    +										<liferay-ui:message arguments="<%= HtmlUtil.escape(userEmailAddress) %>" key="your-email-verification-code-was-sent-to-x" translateArguments="<%= false %>" />
     									</c:if>
     								</c:when>
     								<c:otherwise>
    @@ -93,7 +93,7 @@
     							</c:choose>
     
     							<c:if test="<%= PrefsPropsUtil.getBoolean(company.getCompanyId(), PropsKeys.ADMIN_EMAIL_USER_ADDED_ENABLED) %>">
    -								<liferay-ui:message arguments="<%= userEmailAddress %>" key="your-password-was-sent-to-x" translateArguments="<%= false %>" />
    +								<liferay-ui:message arguments="<%= HtmlUtil.escape(userEmailAddress) %>" key="your-password-was-sent-to-x" translateArguments="<%= false %>" />
     							</c:if>
     						</div>
     					</c:when>
    @@ -104,7 +104,7 @@
     						%>
     
     						<div class="alert alert-success">
    -							<liferay-ui:message arguments="<%= userEmailAddress %>" key="thank-you-for-creating-an-account.-you-will-be-notified-via-email-at-x-when-your-account-has-been-approved" translateArguments="<%= false %>" />
    +							<liferay-ui:message arguments="<%= HtmlUtil.escape(userEmailAddress) %>" key="thank-you-for-creating-an-account.-you-will-be-notified-via-email-at-x-when-your-account-has-been-approved" translateArguments="<%= false %>" />
     						</div>
     					</c:when>
     				</c:choose>
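
Review bot: userEmailAddress is now wrapped in HtmlUtil.escape at three separate liferay-ui:message call sites in login.jsp (the hunks at -84, -93 and -104), each with translateArguments set to false. Escaping once into a local variable next to where userEmailAddress is read would leave fewer places for a future message to miss, and a test that renders these three messages with markup in the address would guard the fix.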
    
  • modules/apps/foundation/login/login-web/src/main/resources/META-INF/resources/update_account.jsp+1 1 modified
    @@ -92,7 +92,7 @@ String jobTitle = BeanParamUtil.getString(selUser, request, "jobTitle");
     	</aui:form>
     
     	<div class="alert alert-warning">
    -		<liferay-ui:message arguments="<%= emailAddress %>" key="an-account-with-x-as-the-email-address-already-exists-in-the-portal.-do-you-want-to-associate-this-activity-with-that-account" translateArguments="<%= false %>" />
    +		<liferay-ui:message arguments="<%= HtmlUtil.escape(emailAddress) %>" key="an-account-with-x-as-the-email-address-already-exists-in-the-portal.-do-you-want-to-associate-this-activity-with-that-account" translateArguments="<%= false %>" />
     	</div>
     
     	<aui:button name="updateUser" onClick='<%= renderResponse.getNamespace() + "updateUser();" %>' value="associate-account" />
    
79bffe0f2e74

LPS-73087 Fix XSS on password field

https://github.com/liferay/liferay-portal · Uğurcan Çetin · Jun 14, 2017 · via ghsa
1 file changed · +1 -1
  • modules/apps/foundation/login/login-web/src/main/resources/META-INF/resources/login.jsp+1 1 modified
    @@ -88,7 +88,7 @@
     									</c:if>
     								</c:when>
     								<c:otherwise>
    -									<liferay-ui:message arguments="<%= userPassword %>" key="thank-you-for-creating-an-account.-your-password-is-x" translateArguments="<%= false %>" />
    +									<liferay-ui:message arguments="<%= HtmlUtil.escape(userPassword) %>" key="thank-you-for-creating-an-account.-your-password-is-x" translateArguments="<%= false %>" />
     								</c:otherwise>
     							</c:choose>
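
Review bot: Only the userPassword argument in the c:otherwise branch is escaped here, while the same liferay-ui:message pattern with translateArguments set to false is what the later commit 554914804512 on this page has to fix for userEmailAddress in this file. Checking every arguments attribute in login.jsp in the same change, plus a test that creates an account with markup in the password, would make this fix complete on its own.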
     
    
