Vulnerabilities > Liferay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-05 | CVE-2008-0181 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. | 4.3 |
| 2008-02-05 | CVE-2008-0180 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | 4.3 |
| 2008-02-05 | CVE-2008-0179 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | 2.6 |
| 2008-02-05 | CVE-2008-0178 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | 4.3 |
| 2007-11-30 | CVE-2007-6173 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.1 Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. | 4.3 |
| 2007-11-20 | CVE-2007-6055 | Cross-Site Scripting vulnerability in Liferay Portal 4.1.0/4.1.1 Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | 4.3 |
| 2005-12-20 | CVE-2005-4400 | Cross-Site Scripting vulnerability in Liferay Portal Enterprise Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. network liferay | 4.3 |
| 2004-05-22 | CVE-2004-2030 | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 2.1.0 Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. | 4.3 |