Vulnerabilities > Liferay

DATE CVE VULNERABILITY TITLE RISK
2008-02-05 CVE-2008-0181 Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6
Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.
network
liferay CWE-79
4.3
2008-02-05 CVE-2008-0180 Cross-Site Scripting vulnerability in Liferay Enterprise Portal
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
network
liferay CWE-79
4.3
2008-02-05 CVE-2008-0179 Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
network
high complexity
liferay CWE-79
2.6
2008-02-05 CVE-2008-0178 Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
network
liferay CWE-79
4.3
2007-11-30 CVE-2007-6173 Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.1
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055.
network
liferay CWE-79
4.3
2007-11-20 CVE-2007-6055 Cross-Site Scripting vulnerability in Liferay Portal 4.1.0/4.1.1
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter.
network
liferay CWE-79
4.3
2005-12-20 CVE-2005-4400 Cross-Site Scripting vulnerability in Liferay Portal Enterprise
Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters.
network
liferay
4.3
2004-05-22 CVE-2004-2030 Cross-Site Scripting vulnerability in Liferay Enterprise Portal 2.1.0
Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.
network
liferay CWE-79
4.3