Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

Liferay Portal 7.1 CE GA4 Cross Site Scripting
# Exploit Title: Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS
# Date: 04/06/2019
# Exploit Author: Valerio Brussani (@val_brux)
# Website:
# Vendor Homepage:
# Software Link:
# Version: < 7.1 CE GA4
# Tested on: Liferay Portal 7.1 CE GA3
# CVE: CVE-2019-6588
# Reference1:
# Reference2:

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input 
into the url parameter of the JSP taglib call <liferay-ui:captcha url=<%= url %> /> or <liferay-captcha:captcha url=<%= url %> />. 
A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability.
In a sample scenario of custom code calling the <liferay-ui:captcha url=<%= url %> /> JSP taglib, appending a payload like the following to the body parameters of a customized form:
The script is reflected in the src attribute of the <img> tag, responsible of fetching the next available captcha:
<img alt=xxx class=xxxx src=xxxxxx><script>alert(1)</script>= />

Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.