CVE-2011-1570

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
References
Link Resource
http://issues.liferay.com/browse/LPS-12628 Issue Tracking Vendor Advisory
http://issues.liferay.com/browse/LPS-13250 Exploit Issue Tracking Vendor Advisory
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 Release Notes Vendor Advisory
http://openwall.com/lists/oss-security/2011/03/29/1 Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/08/5 Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2011/04/11/9 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-05-07 19:55

Updated : 2024-02-28 11:41


NVD link : CVE-2011-1570

Mitre link : CVE-2011-1570

CVE.ORG link : CVE-2011-1570


JSON object : View

Products Affected

liferay

  • liferay_portal

microsoft

  • windows_7
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')