| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.liferay.portal:release.portal.bom | maven | >= 7.2.0, <= 7.4.3.37 | 7.4.3.38 |
| com.liferay.portal:release.dxp.bom | maven | >= 7.4.13.u1, < 7.4.13.u38 | 7.4.13.u38 |
| com.liferay.portal:release.dxp.bom | maven | >= 7.3.10.ep3, < 7.3.10.u11 | 7.3.10.u11 |
| com.liferay.portal:release.dxp.bom | maven | >= 7.2.0, < 7.2.10.fp20 | 7.2.10.fp20 |

The vulnerability description explicitly implicates `portlet.js` in the Frontend JS module, specifically its handling of URL anchor/hash parameters. The most likely candidate is the parameter-processing function that handles URL fragments. Liferay's `portlet.js` is known to contain URL parameter handling logic, and the XSS vulnerability would occur when user-controlled hash parameters are incorporated into the page without proper sanitization. The function name `Liferay.Portlet.addParameters` aligns with Liferay's JavaScript API patterns, and such a function would logically be responsible for processing URL parameters, including hash fragments.