CVE-2017-17868

Name of the Vulnerable Software and Affected Versions Liferay Portal version 6.1.0

Description The issue concerns a Cross-Site Scripting (XSS) vulnerability. It is related to the tags section and can be triggered via a Public Render Parameter (p r p) value. Specifically, the p r p 564233524 tag value is used to demonstrate the vulnerability.

Recommendations For Liferay Portal version 6.1.0, consider restricting access to the tags section until a fix is available. As a temporary workaround, avoid using the p r p parameter, especially with the p r p 564233524 tag value, to minimize the risk of exploitation.