Tue, 03 Apr 2018 08:06:00 +0000
CST-7037 Multiple XSS vulnerabilities in 7.0 CE GA5
Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML into a page.
There is no patch available for Liferay Portal 7.0 CE GA5. Instead, users should upgrade to Liferay Portal 7.0 CE GA6 (7.0.5) or later to fix this issue.
Some vulnerabilities reported by Marko Winkler