CVE-2017-12649

medium

Published 2017-08-07 · Modified 2025-08-08

CVSS v3

6.1

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2

4.3

VIR risk

6.1

Description

Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display

Predictions

Exploit likelihood

71%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/brianchandotcom/liferay-portal/pull/47579

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities

Package impact

Ecosystem	Package	Vulnerable	Fixed
Maven	com.liferay.portal:release.portal.bom	`<7.0.3-ga4`	`7.0.3-ga4`

Application impact

Vendor	Product	Versions	Fixed
liferay	liferay_portal	`{"endIncluding":"7.0"}`

References

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
https://github.com/brianchandotcom/liferay-portal/pull/47579
https://nvd.nist.gov/vuln/detail/CVE-2017-12649
https://github.com/liferay/liferay-portal
https://web.archive.org/web/20200901000000*/https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.