CVE-2019-6588

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-6588
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6588.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6588
Aliases
Published
2019-06-03T20:29:01.547Z
Modified
2026-04-10T04:19:49.897260Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
73c2fa07b6d1ce2d0b52d290fda7c859ed3ec5d9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4f5603382bdec76b2342fa4fbc2088fde55a6701
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
037e5369e4770a9ca7ee4e39f0dbb2eb2862532a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2ced8fc435f38494ae939edcb6bf0872006d289e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
73c2fa07b6d1ce2d0b52d290fda7c859ed3ec5d9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c41fe6f9251c732abbbaff0833093997f45fe771
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fe708510b1566583870a6be892d86f1761a1e64b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a3636a9d8cf1db7d6d4c37dfb66b5696826e6181
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
102d1733262a50f3b38b0ac345cf4edcec0c0147
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
88c0f2887b0b043996debaa2ac89cfbb58bf34d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
102d1733262a50f3b38b0ac345cf4edcec0c0147
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
102d1733262a50f3b38b0ac345cf4edcec0c0147
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
88c0f2887b0b043996debaa2ac89cfbb58bf34d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5e70cf5d85b7b8d134231a5a849f7c14ec999c37
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b3d91bbdf96c0b496a9e9d413c853fd4ec4dd398
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
88ce66386e7523b9a6a13f4452671bda5ebf3c00
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2fe263fd4a97be4062f8f610faaf951b59ba9812
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b763e6b461b351df22d19cfeef6cc6e87dc063a2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1a0613d1058c2026fcd0a95f42e7ee691cb5152a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a4975bcab9dbeed99486741ab9bfb11af986603f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dd0055a1dbc65732bc0b4e3fb8142ef31e247ff8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
81f35b7112af4ab38e8fe2e0e44f8c9cea5d6927
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a70f328d72613022e94f40f963a8b65d6a84b365
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
93e22c329f89bfa8056fd1038700c8cc0852ad77
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dd5ac7f5cf0102e1d230c5840a29f473cdbeb2e3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
20502a3ea3a6498a038b27530f3f35f3a511ec75
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cb6351aff7ad2cb5dcf4c30e7583079770757425
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
65d7a800f1a57b232a127bdcaefb876a9de469f9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b0b9e85245327a06dbceac9407cdff2465b757a6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
586bf2c21b0bd775aedc0789c37d6111da043d76
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
712e525580fa83d989cb748dbab27dc7a5d94ccd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ea9043aa7383d4f2d1656135b535f3276608988
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0ea0614a95bd1c31945a9a096e22f40cdf29700c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b0b9e85245327a06dbceac9407cdff2465b757a6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
586bf2c21b0bd775aedc0789c37d6111da043d76
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
712e525580fa83d989cb748dbab27dc7a5d94ccd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ea9043aa7383d4f2d1656135b535f3276608988
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0ea0614a95bd1c31945a9a096e22f40cdf29700c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c98c005f2a37c49feaaa7c96e052edd85da60dbe
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d23485b8092ee466ef4550d694bfd85a49c20285
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b0b9e85245327a06dbceac9407cdff2465b757a6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b0b9e85245327a06dbceac9407cdff2465b757a6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
586bf2c21b0bd775aedc0789c37d6111da043d76
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
712e525580fa83d989cb748dbab27dc7a5d94ccd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ea9043aa7383d4f2d1656135b535f3276608988
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0ea0614a95bd1c31945a9a096e22f40cdf29700c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c98c005f2a37c49feaaa7c96e052edd85da60dbe
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d23485b8092ee466ef4550d694bfd85a49c20285
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
16d03be248641f92824e33f48a0ff952dfe59703
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
475b9805d040f0ce2a046955bd68bf16fe1c2f0e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b2d7cc68a80f974282a379aa700e22387c70c50a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
07af97431ed9c9ce34dfd814fc14adfc5911450d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1315ff6875135daf5f41378e56cdd6def2ac7e14
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e1ac3de357b51e64ba77c121e5f65fe5b6f297f8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d67b55c18ccb3d6e9d142f8148032d0d130fe9cb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5d9fb631f3719c9f3e5002e50fb40951aaf43cc9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d67b55c18ccb3d6e9d142f8148032d0d130fe9cb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5d9fb631f3719c9f3e5002e50fb40951aaf43cc9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
aa2c022f6b63addd28bff66a2d8fdf0c1a5a268e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d67b55c18ccb3d6e9d142f8148032d0d130fe9cb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d67b55c18ccb3d6e9d142f8148032d0d130fe9cb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5d9fb631f3719c9f3e5002e50fb40951aaf43cc9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
439f94cc22eea87c56abb3405b6f8e3ba705dacb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-b1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-b2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-b3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-b4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-ga1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.1-ga2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.2-ga3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-b1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-b2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-ga1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-m1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-m2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-m3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-m4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-m5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-m6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-rc4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-rc5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0-rc6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.1-ga2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.2-ga3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.3-ga4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.4-ga5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.5-ga6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-a1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-a2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-a3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-a4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-a5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-b1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-b2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-b3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-b4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-b5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-b6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-b7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-ga1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-m1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-m2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-m3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-m4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-m5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-m6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-m7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.1-ga2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.2-ga3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.3-ga4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.4-ga5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.5-ga6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.6-ga7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-a1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-a2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-b1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-b2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-b3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-ga1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-m1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-m2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0-rc1"
        }
    ]
}

Affected versions

6.*
6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-ga1
6.1.0-rc1
6.1.1-ga2
6.1.2-ga3
6.2.0-b1
6.2.0-b2
6.2.0-ga1
6.2.0-m1
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6
6.2.0-rc1
6.2.0-rc2
6.2.0-rc3
6.2.0-rc4
6.2.0-rc5
6.2.0-rc6
6.2.1-ga2
6.2.2-ga3
6.2.3-ga4
6.2.4-ga5
6.2.5-ga6
7.*
7.0.0-a1
7.0.0-a2
7.0.0-a3
7.0.0-a4
7.0.0-a5
7.0.0-b1
7.0.0-b2
7.0.0-b3
7.0.0-b4
7.0.0-b5
7.0.0-b6
7.0.0-b7
7.0.0-ga1
7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.0.0-m6
7.0.0-m7
7.0.1-ga2
7.0.2-ga3
7.0.3-ga4
7.0.4-ga5
7.0.5-ga6
7.0.6-ga7
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-b3
7.1.0-m1
7.1.0-m2
7.1.0-rc1
sync-3.*
sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6588.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0.6"
            }
        ]
    }
]