CVE-2020-7934

MEDIUM LAB

LifeRay Portal CE <7.2.1 GA2 - XSS

Title source: llm

Description

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.

Exploits (3)

exploitdb WORKING POC

by 3ndG4me · textwebappsmultiple

https://www.exploit-db.com/exploits/49091

View Code ZIP pw:eip

nomisec WORKING POC 6 stars

by 3ndG4me · poc

https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934

View Code ZIP pw:eip

nomisec WORKING POC

by giardinas-dev · poc

https://github.com/giardinas-dev/audit-xss-cve-2020-7934

View Code ZIP pw:eip

References (3)

[Various Sources] https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934

[Third Party Advisory] https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html

Scores

CVSS v3 5.4

EPSS 0.0329

EPSS Percentile 87.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull liferay/portal:7.2.1-ga2

https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934

https://github.com/giardinas-dev/audit-xss-cve-2020-7934

View in Library

Details

CWE

CWE-79

Status published

Products (2)

com.liferay.portal/release.portal.bom 7.1.0 - 7.3.0Maven

liferay/liferay_portal 7.1.0 - 7.2.1

Published Jan 28, 2020

Tracked Since Feb 18, 2026