Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
References
Link | Resource |
---|---|
http://support.liferay.com/browse/LEP-4737 |
Configurations
History
No history.
Information
Published : 2008-02-05 00:00
Updated : 2024-02-28 11:01
NVD link : CVE-2008-0563
Mitre link : CVE-2008-0563
CVE.ORG link : CVE-2008-0563
JSON object : View
Products Affected
liferay
- liferay_enterprise_portal
CWE
CWE-352
Cross-Site Request Forgery (CSRF)