Mon, 12 Nov 2018 07:30:00 +0000
CST-7103 Multiple XSS vulnerabilities in 7.1 CE GA1
In Liferay Portal 7.1 CE GA1, multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML into a page.
There is no patch available for Liferay Portal 7.1 CE GA1. Instead, users should upgrade to Liferay Portal 7.1 CE GA2 (7.1.1) or later to fix this issue.
Some vulnerabilities reported by Gergő Czuczor