Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
References
Link | Resource |
---|---|
http://issues.liferay.com/browse/LPS-12628 | Issue Tracking Vendor Advisory |
http://issues.liferay.com/browse/LPS-13250 | Exploit Issue Tracking Vendor Advisory |
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 | Release Notes Vendor Advisory |
http://openwall.com/lists/oss-security/2011/03/29/1 | Mailing List Third Party Advisory |
http://openwall.com/lists/oss-security/2011/04/08/5 | Mailing List Third Party Advisory |
http://openwall.com/lists/oss-security/2011/04/11/9 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2011-05-07 19:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1570
Mitre link : CVE-2011-1570
CVE.ORG link : CVE-2011-1570
JSON object : View
Products Affected
liferay
- liferay_portal
microsoft
- windows_7
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')