Mon, 26 Jun 2017 09:00:00 +0000
CST-7017 Multiple XSS vulnerabilities in 7.0 CE GA3
Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML into a page.
There is no patch available for Liferay Portal 7.0 CE GA3. Instead, users should upgrade to Liferay Portal 7.0 CE GA4 (7.0.3) or later to fix this issue.
Some vulnerabilities reported by Craig Young and Juho Nurminen