What is the severity of CVE-2019-16147?

CVE-2019-16147 has been assigned a moderate severity rating due to its potential for cross-site scripting (XSS) attacks.

How do I fix CVE-2019-16147?

To mitigate CVE-2019-16147, update Liferay Portal to a version higher than 7.2.0 GA1.

What is affected by CVE-2019-16147?

CVE-2019-16147 affects Liferay Portal versions up to 7.2.0 GA1 and includes various alpha, beta, and release candidates.

What kind of vulnerability is CVE-2019-16147?

CVE-2019-16147 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts through journal article titles.

Can CVE-2019-16147 allow unauthorized access to user data?

Yes, exploiting CVE-2019-16147 through XSS can potentially lead to unauthorized access to user data and session hijacking.

Vulnerability/
CVE-2019-16147

medium

6.1

CWE

9/9/2019

24/5/2022

28/4/2025

CVE-2019-16147: XSS

First published: Mon Sep 09 2019(Updated: )

Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to `journal_article/page.jsp` in `journal/journal-taglib`.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Liferay 7.4 GA	<7.2.0
Liferay 7.4 GA	=7.2.0-alpha1
Liferay 7.4 GA	=7.2.0-beta1
Liferay 7.4 GA	=7.2.0-beta2
Liferay 7.4 GA	=7.2.0-beta3
Liferay 7.4 GA	=7.2.0-ga1
Liferay 7.4 GA	=7.2.0-milestone2
Liferay 7.4 GA	=7.2.0-rc2
Liferay 7.4 GA	=7.2.0-rc3
maven/com.liferay:com.liferay.journal.taglib	<3.0.4	3.0.4

Remedy

https://github.com/liferay/liferay-portal/commit/7e063aed70f947a92bb43a4471e0c4e650fe8f7f

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-16147?
CVE-2019-16147 has been assigned a moderate severity rating due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2019-16147?
To mitigate CVE-2019-16147, update Liferay Portal to a version higher than 7.2.0 GA1.
What is affected by CVE-2019-16147?
CVE-2019-16147 affects Liferay Portal versions up to 7.2.0 GA1 and includes various alpha, beta, and release candidates.
What kind of vulnerability is CVE-2019-16147?
CVE-2019-16147 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts through journal article titles.
Can CVE-2019-16147 allow unauthorized access to user data?
Yes, exploiting CVE-2019-16147 through XSS can potentially lead to unauthorized access to user data and session hijacking.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/remedy
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/source
agent/references
agent/severity
agent/last-modified-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-m2gx-7pvx-3gvg
alias/CVE-2019-16147
agent/software-canonical-lookup
agent/description
collector/nvd-cve
source/NVD
agent/softwarecombine
agent/tags
agent/event
collector/github-advisory
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/7.2.0-alpha1
version/liferay 7.4 ga/7.2.0-beta1
version/liferay 7.4 ga/7.2.0-beta2
version/liferay 7.4 ga/7.2.0-beta3
version/liferay 7.4 ga/7.2.0-ga1
version/liferay 7.4 ga/7.2.0-milestone2
version/liferay 7.4 ga/7.2.0-rc2
version/liferay 7.4 ga/7.2.0-rc3
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.