Liferay: >> Liferay Portal >> 6.1.0 Security Vulnerabilities
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-27
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
CVSS Score
8.8
EPSS Score
0.015
Published
2017-01-13
Page 5