CVE-2019-6588

MEDIUM

Liferay Portal < 7.1 CE GA4 - Cross-Site Scripting via SimpleCaptcha URL Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6588. PoC published by Valerio Brussani.

AI-analyzed exploit summary: This exploit demonstrates an XSS vulnerability in Liferay Portal's SimpleCaptcha API by injecting a script payload into the 'url' parameter of the JSP taglib call. The payload is reflected in the 'src' attribute of an 'img' tag, triggering the XSS.

Description

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

Exploits (1)

exploitdb · WORKING POC
by Valerio Brussani (exploit-db: text, webapps, jsp)
https://www.exploit-db.com/exploits/46983

Classification: Working PoC (100%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Liferay Portal < 7.1 CE GA4
Authentication: none needed
Prerequisites: Customized Liferay portlet calling the SimpleCaptcha API without input sanitization
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 4.7
EPSS: 0.0135
EPSS Percentile: 80.5%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (12)
com.liferay.portal/release.portal.bom 0 - 7.1.0 (Maven)
liferay/liferay_portal 6.1.0 b1 (6 CPE variants)
liferay/liferay_portal 6.1.1 ga2
liferay/liferay_portal 6.1.2 ga3
liferay/liferay_portal 6.2.0 b1 (15 CPE variants)
liferay/liferay_portal 6.2.1 ga2
liferay/liferay_portal 6.2.2 ga3
liferay/liferay_portal 6.2.3 ga4
liferay/liferay_portal 6.2.4 ga5
liferay/liferay_portal 6.2.5 ga6
... and 2 more
Published: Jun 03, 2019
Tracked Since: Feb 18, 2026