Cross-site scripting (XSS) exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
{
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed_at": "2025-07-18T19:40:46Z",
"github_reviewed": true,
"nvd_published_at": "2017-08-07T16:29:00Z"
}