Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2008-0179
cve
2008
0179
cross-site scripting
xss
vulnerability
liferay portal 4.3.6
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.9%
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
Affected configurations
Node
liferayliferay_enterprise_portalMatch4.3.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| liferay:liferay_enterprise_portal | liferay liferay enterprise portal | eq | 4.3.6 |
Related
cert
cert
Liferay Portal Forgot Password User-Agent HTTP header XSS
2008-01-31 00:00:00
cvelist
cvelist
CVE-2008-0179
2022-10-03 16:14:06
prion
prion
Cross site scripting
2008-02-05 00:00:00
nvd
nvd
CVE-2008-0179
2008-02-05 00:00:00
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.9%
Related for CVE-2008-0179