Vulnerabilities > Liferay

DATE	CVE	VULNERABILITY TITLE	RISK
2008-02-05	CVE-2008-0182	Cross-Site Request Forgery (CSRF) vulnerability in Liferay Enterprise Portal Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. network liferay CWE-352	4.3
2008-02-05	CVE-2008-0181	Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. network liferay CWE-79	4.3
2008-02-05	CVE-2008-0180	Cross-Site Scripting vulnerability in Liferay Enterprise Portal Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. network liferay CWE-79	4.3
2008-02-05	CVE-2008-0179	Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. network high complexity liferay CWE-79	2.6
2008-02-05	CVE-2008-0178	Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. network liferay CWE-79	4.3
2007-11-30	CVE-2007-6173	Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.1 Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. network liferay CWE-79	4.3
2007-11-20	CVE-2007-6055	Cross-Site Scripting vulnerability in Liferay Portal 4.1.0/4.1.1 Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. network liferay CWE-79	4.3
2005-12-20	CVE-2005-4400	Cross-Site Scripting vulnerability in Liferay Portal Enterprise Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. network liferay	4.3
2004-05-22	CVE-2004-2030	Cross-Site Scripting vulnerability in Liferay Enterprise Portal 2.1.0 Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. network liferay CWE-79	4.3

Vulnerabilities > Liferay {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Liferay"}]}

Vulnerabilities > Liferay