AnchorSec’s research team investigate the Liferay application and find a Cross-Site Scripting vulnerability that leads to Remote Code Execution, via CAPTCHA bypass. This blog explains the vulnerability and how it was exploited.