Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module’s OAuth2ProviderApplicationRedirect class in Liferay Portal allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More