Medium severity6.1NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026
CVE-2017-12648
CVE-2017-12648
Description
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay.portal:release.portal.bomMaven | < 7.0.3-GA4 | 7.0.3-GA4 |
com.liferay:com.liferay.frontend.taglibMaven | < 2.1.3 | 2.1.3 |
Affected products
3- ghsa-coords2 versions
< 2.1.3+ 1 more
- (no CPE)range: < 2.1.3
- (no CPE)range: < 7.0.3-GA4
Patches
Vulnerability mechanics
References
6- dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilitiesnvdIssue TrackingPatchVendor AdvisoryWEB
- github.com/brianchandotcom/liferay-portal/pull/47888nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-cm99-x97g-9qx8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12648ghsaADVISORY
- github.com/liferay/liferay-portal/commit/996769ea1e2be15becd90a1fcf73e704788714acghsaWEB
- github.com/liferay/liferay-portal/commit/9bc594b70c565570c7e7b7e06c0b7c141d2cc8cfghsaWEB
News mentions
0No linked articles in our index yet.