Vulnerabilities > Liferay > Liferay Enterprise Portal > 4.3.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-05 | CVE-2008-0563 | Cross-Site Request Forgery (CSRF) vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | 4.3 |
2008-02-05 | CVE-2008-0181 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. | 4.3 |
2008-02-05 | CVE-2008-0180 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | 4.3 |
2008-02-05 | CVE-2008-0179 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | 2.6 |
2008-02-05 | CVE-2008-0178 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | 4.3 |