Homepage
About Snyk

com.liferay:com.liferay.captcha.taglib@1.0.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.liferay:com.liferay.captcha.taglib package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

com.liferay:com.liferay.captcha.taglib is a taglib library for liferay.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay:com.liferay.captcha.taglib to version 2.0.2 or higher.

[,2.0.2)
Go back to all versions of this package