CVE-2020-25476 Liferay CMS Portal (blind persistent XSS)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
Liferay CMS Portal versions 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the username parameter to Calendar. An attacker can insert a malicious payload into the username, last name or surname fields of their own profile, and the payload will be injected and reflected in the calendar of the user who submitted it. The attacker could escalate privileges if an admin visits the calendar into which the payload was injected.
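A defender's view of the flaw described above, as an added example that is not taken from the Virsec report or from Liferay's code: it audits exported user records for name fields that contain markup characters and builds the calendar-owner fragment with and without output encoding. The field names, record layout and HTML fragment are assumptions made for illustration.

```python
import html
import re

# Fields the advisory names as injection points (labels are assumed,
# not Liferay's actual column names).
NAME_FIELDS = ("username", "first_name", "last_name")

# Characters that let a stored value break out of an HTML text or attribute context.
MARKUP = re.compile(r"[<>\"'&]")


def audit_users(users):
    """Return (user_id, field, value) for every name field holding markup characters."""
    findings = []
    for user in users:
        for field in NAME_FIELDS:
            value = user.get(field, "")
            if MARKUP.search(value):
                findings.append((user["id"], field, value))
    return findings


def render_calendar_owner(user, escape=True):
    """Build the (hypothetical) calendar header fragment showing the owner's name.

    escape=False mirrors the flawed behaviour: the stored value is echoed as-is.
    escape=True encodes it at output time so the browser displays it as text.
    """
    full_name = f'{user["first_name"]} {user["last_name"]}'
    if escape:
        full_name = html.escape(full_name, quote=True)
    return f'<span class="calendar-owner">{full_name}</span>'


# Constructed sample records, not real data.
SAMPLE_USERS = [
    {"id": 101, "username": "jdoe", "first_name": "Jane", "last_name": "Doe"},
    {"id": 102, "username": "mallory", "first_name": "Mal",
     "last_name": "<script>alert(1)</script>"},
    {"id": 103, "username": "obrien", "first_name": "Pat", "last_name": "O'Brien"},
]

if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS):
        print("review:", finding)
    print(render_calendar_owner(SAMPLE_USERS[1]))
```

The audit also flags the legitimate name `O'Brien`, which is why its output is a review list rather than a block list: encoding at output time handles both records without rejecting real names.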
1.2 CVSS Score
The CVSS Base score of this vulnerability has not been assigned yet.
1.3 Affected Version
Liferay CMS Portal versions 7.1.3 and 7.2.1
1.4 Vulnerability Attribution
This vulnerability was disclosed by Casey Erdmann, Giuseppino Cadeddu, and Simone Cinti.
1.5 Risk Impact
A content management system (CMS) is software that enables non-technical users to store, organize and publish web content easily. Liferay is a free, open-source enterprise portal used mainly for corporate extranets and intranets. It is a robust web application platform written in Java and offers a host of features useful for the development of portals and websites. According to BuiltWith, Liferay is deployed on ~54K websites.
An exploit is not publicly available, but given the disclosure, it is very easy to construct one.
1.6 Virsec Security Platform (VSP) Support:
VSP-Web would be able to protect against such reflected Cross Site Scripting vulnerabilities.
1.7 Reference Links: