Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://issues.liferay.com/browse/LPS-12628 - Issue Tracking, Vendor Advisory | |
References | () http://issues.liferay.com/browse/LPS-13250 - Exploit, Issue Tracking, Vendor Advisory | |
References | () http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 - Release Notes, Vendor Advisory | |
References | () http://openwall.com/lists/oss-security/2011/03/29/1 - Mailing List, Third Party Advisory | |
References | () http://openwall.com/lists/oss-security/2011/04/08/5 - Mailing List, Third Party Advisory | |
References | () http://openwall.com/lists/oss-security/2011/04/11/9 - Mailing List, Third Party Advisory |
Information
Published : 2011-05-07 19:55
Updated : 2024-11-21 01:26
NVD link : CVE-2011-1570
Mitre link : CVE-2011-1570
CVE.ORG link : CVE-2011-1570
JSON object : View
Products Affected
liferay
- liferay_portal
microsoft
- windows_7
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')