CVE-2011-1570

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:26

Type Values Removed Values Added
References () http://issues.liferay.com/browse/LPS-12628 - Issue Tracking, Vendor Advisory () http://issues.liferay.com/browse/LPS-12628 - Issue Tracking, Vendor Advisory
References () http://issues.liferay.com/browse/LPS-13250 - Exploit, Issue Tracking, Vendor Advisory () http://issues.liferay.com/browse/LPS-13250 - Exploit, Issue Tracking, Vendor Advisory
References () http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 - Release Notes, Vendor Advisory () http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 - Release Notes, Vendor Advisory
References () http://openwall.com/lists/oss-security/2011/03/29/1 - Mailing List, Third Party Advisory () http://openwall.com/lists/oss-security/2011/03/29/1 - Mailing List, Third Party Advisory
References () http://openwall.com/lists/oss-security/2011/04/08/5 - Mailing List, Third Party Advisory () http://openwall.com/lists/oss-security/2011/04/08/5 - Mailing List, Third Party Advisory
References () http://openwall.com/lists/oss-security/2011/04/11/9 - Mailing List, Third Party Advisory () http://openwall.com/lists/oss-security/2011/04/11/9 - Mailing List, Third Party Advisory

Information

Published : 2011-05-07 19:55

Updated : 2024-11-21 01:26


NVD link : CVE-2011-1570

Mitre link : CVE-2011-1570

CVE.ORG link : CVE-2011-1570


JSON object : View

Products Affected

liferay

  • liferay_portal

microsoft

  • windows_7
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')