Mon, 12 Nov 2018 09:39:00 +0000
CST-7107 HTML injection in notification emails
Notification emails sent to users in Liferay Portal 7.1 CE GA1 is vulnerable to HTML injection. An attacker can exploit this vulnerability for phishing attacks.
There is no patch available for Liferay Portal 7.1 CE GA1. Instead, users should upgrade to Liferay Portal 7.1 CE GA2 (7.1.1) or later to fix this issue.