Medium severity 6.1 · NVD Advisory · Published Aug 7, 2017 · Updated May 13, 2026
CVE-2017-12648
Description
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.liferay.portal:release.portal.bom (Maven) | < 7.0.3-GA4 | 7.0.3-GA4 |
| com.liferay:com.liferay.frontend.taglib (Maven) | < 2.1.3 | 2.1.3 |
Affected products (1)
Patches (2)
996769ea1e2b LPS-71270 - XSS in URL when sorted the bookmark
1 file changed · +1 −1
modules/apps/foundation/frontend-taglib/frontend-taglib/src/main/resources/META-INF/resources/management_bar_filter/page.jsp+1 −1 modified@@ -31,7 +31,7 @@ String value = (String)request.getAttribute("liferay-frontend:management-bar-fil <liferay-ui:message key="<%= label %>" />: </c:if> - <liferay-ui:message key="<%= value %>" /> + <liferay-ui:message key="<%= HtmlUtil.escape(value) %>" /> </span> <aui:icon image="caret-double-l" markupView="lexicon" />
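Review bot: The unchanged context line `<liferay-ui:message key="<%= label %>" />` directly above the fix still passes `label` to the tag unescaped, while `value` on the changed line now goes through `HtmlUtil.escape`. If `label` can also carry request-derived text, as `value` does via `request.getAttribute(...)` in the hunk header, it needs the same treatment; if it is always a fixed language key, a short comment saying so would explain the asymmetry. The hunk adds no import, so confirm `HtmlUtil` is already imported for this JSP.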
9bc594b70c56 LPS-71270 - XSS in URL when sorted the bookmark
1 file changed · +1 −1
modules/apps/foundation/frontend-taglib/frontend-taglib/src/main/resources/META-INF/resources/management_bar_filter/page.jsp+1 −1 modified@@ -31,7 +31,7 @@ String value = (String)request.getAttribute("liferay-frontend:management-bar-fil <liferay-ui:message key="<%= label %>" />: </c:if> - <liferay-ui:message key="<%= value %>" /> + <liferay-ui:message key="<%= HtmlUtil.escape(value) %>" /> </span> <aui:icon image="caret-double-l" markupView="lexicon" />
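Review bot: On the changed line, `HtmlUtil.escape(value)` is applied to the `key` argument, so the escaping happens before the message lookup rather than on what the tag finally writes into the `<span>`. Any `value` containing characters that escaping rewrites will be looked up under the altered key, and the safety of the output then depends on how the tag renders an unmatched key and on no translation for that key containing markup. Consider escaping at the point of output instead, or note in the JSP why escaping the key is sufficient here. This hunk is identical to the one in 996769ea1e2b, so the same applies there.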
References (6)
- dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities · nvd · Issue Tracking, Patch, Vendor Advisory · WEB
- github.com/brianchandotcom/liferay-portal/pull/47888 · nvd · Issue Tracking, Patch, Third Party Advisory · WEB
- github.com/advisories/GHSA-cm99-x97g-9qx8 · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12648 · ghsa · ADVISORY
- github.com/liferay/liferay-portal/commit/996769ea1e2be15becd90a1fcf73e704788714ac · ghsa · WEB
- github.com/liferay/liferay-portal/commit/9bc594b70c565570c7e7b7e06c0b7c141d2cc8cf · ghsa · WEB