Vulnerabilities > Liferay > Liferay Enterprise Portal > 4.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-05 | CVE-2008-0180 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | 4.3 |
2007-11-30 | CVE-2007-6173 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.1 Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. | 4.3 |