{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "6.0.6" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "6.1.0-b1" }, { "introduced": "0" }, { "last_affected": "6.1.0-b2" }, { "introduced": "0" }, { "last_affected": "6.1.0-b3" }, { "introduced": "0" }, { "last_affected": "6.1.0-b4" }, { "introduced": "0" }, { "last_affected": "6.1.0-ga1" }, { "introduced": "0" }, { "last_affected": "6.1.0-rc1" }, { "introduced": "0" }, { "last_affected": "6.1.1-ga2" }, { "introduced": "0" }, { "last_affected": "6.1.2-ga3" }, { "introduced": "0" }, { "last_affected": "6.2.0-b1" }, { "introduced": "0" }, { "last_affected": "6.2.0-b2" }, { "introduced": "0" }, { "last_affected": "6.2.0-ga1" }, { "introduced": "0" }, { "last_affected": "6.2.0-m1" }, { "introduced": "0" }, { "last_affected": "6.2.0-m2" }, { "introduced": "0" }, { "last_affected": "6.2.0-m3" }, { "introduced": "0" }, { "last_affected": "6.2.0-m4" }, { "introduced": "0" }, { "last_affected": "6.2.0-m5" }, { "introduced": "0" }, { "last_affected": "6.2.0-m6" }, { "introduced": "0" }, { "last_affected": "6.2.0-rc1" }, { "introduced": "0" }, { "last_affected": "6.2.0-rc2" }, { "introduced": "0" }, { "last_affected": "6.2.0-rc3" }, { "introduced": "0" }, { "last_affected": "6.2.0-rc4" }, { "introduced": "0" }, { "last_affected": "6.2.0-rc5" }, { "introduced": "0" }, { "last_affected": "6.2.0-rc6" }, { "introduced": "0" }, { "last_affected": "6.2.1-ga2" }, { "introduced": "0" }, { "last_affected": "6.2.2-ga3" }, { "introduced": "0" }, { "last_affected": "6.2.3-ga4" }, { "introduced": "0" }, { "last_affected": "6.2.4-ga5" }, { "introduced": "0" }, { "last_affected": "6.2.5-ga6" }, { "introduced": "0" }, { "last_affected": "7.0.0-a1" }, { "introduced": "0" }, { "last_affected": "7.0.0-a2" }, { "introduced": "0" }, { "last_affected": "7.0.0-a3" }, { "introduced": "0" }, { "last_affected": "7.0.0-a4" }, { "introduced": "0" }, { "last_affected": "7.0.0-a5" }, { "introduced": "0" }, { "last_affected": "7.0.0-b1" }, { "introduced": "0" }, { "last_affected": "7.0.0-b2" }, { "introduced": "0" }, { "last_affected": "7.0.0-b3" }, { "introduced": "0" }, { "last_affected": "7.0.0-b4" }, { "introduced": "0" }, { "last_affected": "7.0.0-b5" }, { "introduced": "0" }, { "last_affected": "7.0.0-b6" }, { "introduced": "0" }, { "last_affected": "7.0.0-b7" }, { "introduced": "0" }, { "last_affected": "7.0.0-ga1" }, { "introduced": "0" }, { "last_affected": "7.0.0-m1" }, { "introduced": "0" }, { "last_affected": "7.0.0-m2" }, { "introduced": "0" }, { "last_affected": "7.0.0-m3" }, { "introduced": "0" }, { "last_affected": "7.0.0-m4" }, { "introduced": "0" }, { "last_affected": "7.0.0-m5" }, { "introduced": "0" }, { "last_affected": "7.0.0-m6" }, { "introduced": "0" }, { "last_affected": "7.0.0-m7" }, { "introduced": "0" }, { "last_affected": "7.0.1-ga2" }, { "introduced": "0" }, { "last_affected": "7.0.2-ga3" }, { "introduced": "0" }, { "last_affected": "7.0.3-ga4" }, { "introduced": "0" }, { "last_affected": "7.0.4-ga5" }, { "introduced": "0" }, { "last_affected": "7.0.5-ga6" }, { "introduced": "0" }, { "last_affected": "7.0.6-ga7" }, { "introduced": "0" }, { "last_affected": "7.1.0-a1" }, { "introduced": "0" }, { "last_affected": "7.1.0-a2" }, { "introduced": "0" }, { "last_affected": "7.1.0-b1" }, { "introduced": "0" }, { "last_affected": "7.1.0-b2" }, { "introduced": "0" }, { "last_affected": "7.1.0-b3" }, { "introduced": "0" }, { "last_affected": "7.1.0-ga1" }, { "introduced": "0" }, { "last_affected": "7.1.0-m1" }, { "introduced": "0" }, { "last_affected": "7.1.0-m2" }, { "introduced": "0" }, { "last_affected": "7.1.0-rc1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "73c2fa07b6d1ce2d0b52d290fda7c859ed3ec5d9" }, { "introduced": "0" }, { "last_affected": "4f5603382bdec76b2342fa4fbc2088fde55a6701" }, { "introduced": "0" }, { "last_affected": "037e5369e4770a9ca7ee4e39f0dbb2eb2862532a" }, { "introduced": "0" }, { "last_affected": "2ced8fc435f38494ae939edcb6bf0872006d289e" }, { "introduced": "0" }, { "last_affected": "73c2fa07b6d1ce2d0b52d290fda7c859ed3ec5d9" }, { "introduced": "0" }, { "last_affected": "c41fe6f9251c732abbbaff0833093997f45fe771" }, { "introduced": "0" }, { "last_affected": "fe708510b1566583870a6be892d86f1761a1e64b" }, { "introduced": "0" }, { "last_affected": "a3636a9d8cf1db7d6d4c37dfb66b5696826e6181" }, { "introduced": "0" }, { "last_affected": "102d1733262a50f3b38b0ac345cf4edcec0c0147" }, { "introduced": "0" }, { "last_affected": "88c0f2887b0b043996debaa2ac89cfbb58bf34d4" }, { "introduced": "0" }, { "last_affected": "102d1733262a50f3b38b0ac345cf4edcec0c0147" }, { "introduced": "0" }, { "last_affected": "102d1733262a50f3b38b0ac345cf4edcec0c0147" }, { "introduced": "0" }, { "last_affected": "88c0f2887b0b043996debaa2ac89cfbb58bf34d4" }, { "introduced": "0" }, { "last_affected": "5e70cf5d85b7b8d134231a5a849f7c14ec999c37" }, { "introduced": "0" }, { "last_affected": "b3d91bbdf96c0b496a9e9d413c853fd4ec4dd398" }, { "introduced": "0" }, { "last_affected": "88ce66386e7523b9a6a13f4452671bda5ebf3c00" }, { "introduced": "0" }, { "last_affected": "2fe263fd4a97be4062f8f610faaf951b59ba9812" }, { "introduced": "0" }, { "last_affected": "b763e6b461b351df22d19cfeef6cc6e87dc063a2" }, { "introduced": "0" }, { "last_affected": "1a0613d1058c2026fcd0a95f42e7ee691cb5152a" }, { "introduced": "0" }, { "last_affected": "a4975bcab9dbeed99486741ab9bfb11af986603f" }, { "introduced": "0" }, { "last_affected": "dd0055a1dbc65732bc0b4e3fb8142ef31e247ff8" }, { "introduced": "0" }, { "last_affected": "81f35b7112af4ab38e8fe2e0e44f8c9cea5d6927" }, { "introduced": "0" }, { "last_affected": "a70f328d72613022e94f40f963a8b65d6a84b365" }, { "introduced": "0" }, { "last_affected": "93e22c329f89bfa8056fd1038700c8cc0852ad77" }, { "introduced": "0" }, { "last_affected": "dd5ac7f5cf0102e1d230c5840a29f473cdbeb2e3" }, { "introduced": "0" }, { "last_affected": "20502a3ea3a6498a038b27530f3f35f3a511ec75" }, { "introduced": "0" }, { "last_affected": "cb6351aff7ad2cb5dcf4c30e7583079770757425" }, { "introduced": "0" }, { "last_affected": "65d7a800f1a57b232a127bdcaefb876a9de469f9" }, { "introduced": "0" }, { "last_affected": "b0b9e85245327a06dbceac9407cdff2465b757a6" }, { "introduced": "0" }, { "last_affected": "586bf2c21b0bd775aedc0789c37d6111da043d76" }, { "introduced": "0" }, { "last_affected": "712e525580fa83d989cb748dbab27dc7a5d94ccd" }, { "introduced": "0" }, { "last_affected": "7ea9043aa7383d4f2d1656135b535f3276608988" }, { "introduced": "0" }, { "last_affected": "0ea0614a95bd1c31945a9a096e22f40cdf29700c" }, { "introduced": "0" }, { "last_affected": "b0b9e85245327a06dbceac9407cdff2465b757a6" }, { "introduced": "0" }, { "last_affected": "586bf2c21b0bd775aedc0789c37d6111da043d76" }, { "introduced": "0" }, { "last_affected": "712e525580fa83d989cb748dbab27dc7a5d94ccd" }, { "introduced": "0" }, { "last_affected": "7ea9043aa7383d4f2d1656135b535f3276608988" }, { "introduced": "0" }, { "last_affected": "0ea0614a95bd1c31945a9a096e22f40cdf29700c" }, { "introduced": "0" }, { "last_affected": "c98c005f2a37c49feaaa7c96e052edd85da60dbe" }, { "introduced": "0" }, { "last_affected": "d23485b8092ee466ef4550d694bfd85a49c20285" }, { "introduced": "0" }, { "last_affected": "b0b9e85245327a06dbceac9407cdff2465b757a6" }, { "introduced": "0" }, { "last_affected": "b0b9e85245327a06dbceac9407cdff2465b757a6" }, { "introduced": "0" }, { "last_affected": "586bf2c21b0bd775aedc0789c37d6111da043d76" }, { "introduced": "0" }, { "last_affected": "712e525580fa83d989cb748dbab27dc7a5d94ccd" }, { "introduced": "0" }, { "last_affected": "7ea9043aa7383d4f2d1656135b535f3276608988" }, { "introduced": "0" }, { "last_affected": "0ea0614a95bd1c31945a9a096e22f40cdf29700c" }, { "introduced": "0" }, { "last_affected": "c98c005f2a37c49feaaa7c96e052edd85da60dbe" }, { "introduced": "0" }, { "last_affected": "d23485b8092ee466ef4550d694bfd85a49c20285" }, { "introduced": "0" }, { "last_affected": "16d03be248641f92824e33f48a0ff952dfe59703" }, { "introduced": "0" }, { "last_affected": "475b9805d040f0ce2a046955bd68bf16fe1c2f0e" }, { "introduced": "0" }, { "last_affected": "b2d7cc68a80f974282a379aa700e22387c70c50a" }, { "introduced": "0" }, { "last_affected": "07af97431ed9c9ce34dfd814fc14adfc5911450d" }, { "introduced": "0" }, { "last_affected": "1315ff6875135daf5f41378e56cdd6def2ac7e14" }, { "introduced": "0" }, { "last_affected": "e1ac3de357b51e64ba77c121e5f65fe5b6f297f8" }, { "introduced": "0" }, { "last_affected": "d67b55c18ccb3d6e9d142f8148032d0d130fe9cb" }, { "introduced": "0" }, { "last_affected": "5d9fb631f3719c9f3e5002e50fb40951aaf43cc9" }, { "introduced": "0" }, { "last_affected": "d67b55c18ccb3d6e9d142f8148032d0d130fe9cb" }, { "introduced": "0" }, { "last_affected": "5d9fb631f3719c9f3e5002e50fb40951aaf43cc9" }, { "introduced": "0" }, { "last_affected": "aa2c022f6b63addd28bff66a2d8fdf0c1a5a268e" }, { "introduced": "0" }, { "last_affected": "d67b55c18ccb3d6e9d142f8148032d0d130fe9cb" }, { "introduced": "0" }, { "last_affected": "d67b55c18ccb3d6e9d142f8148032d0d130fe9cb" }, { "introduced": "0" }, { "last_affected": "5d9fb631f3719c9f3e5002e50fb40951aaf43cc9" }, { "introduced": "0" }, { "last_affected": "439f94cc22eea87c56abb3405b6f8e3ba705dacb" } ], "repo": "https://github.com/liferay/liferay-portal", "type": "GIT" } ] } ], "details": "In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the \"url\" parameter of the JSP taglib call \u003cliferay-ui:captcha url=\"\u003c%= url %\u003e\" /\u003e or \u003cliferay-captcha:captcha url=\"\u003c%= url %\u003e\" /\u003e. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.", "id": "CVE-2019-6588", "modified": "2026-03-13T21:57:13.520413671Z", "published": "2019-06-03T20:29:01.547Z", "references": [ { "type": "WEB", "url": "http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html" }, { "type": "ADVISORY", "url": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-71/-/asset_publisher/7v4O7y85hZMo/content/cst-7130-multiple-xss-vulnerabilities-in-7-1-ce-ga3" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }