Liferay Portal Enterprise portal_ent Multiple Variable XSS

2005-12-17T01:03:42
ID OSVDB:21812
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2005-12-17T01:03:42

Description

Vulnerability Description

Liferay Portal Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '_77_struts_action', 'p_p_mode' and 'p_p_state' variables upon submission to the 'portal_ent' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Liferay Portal Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '_77_struts_action', 'p_p_mode' and 'p_p_state' variables upon submission to the 'portal_ent' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

/web/guest/downloads/portal_ent?p_p_id=77&p_p_action=1&p_p_state=maximized&p_p_mode=view&p_p_col_order=null&p_p_col_pos=2&p_p_col_count=3&_77_struts_action=[XSS]

/web/guest/downloads/portal_ent?p_p_id=77&p_p_action=1&p_p_state=maximized&p_p_mode=[XSS]

/web/guest/downloads/portal_ent?p_p_id=77&p_p_action=1&p_p_state=[XSS]

References:

Vendor URL: http://liferay.com/ Secunia Advisory ID:18116 Related OSVDB ID: 6346 Other Advisory URL: http://pridels.blogspot.com/2005/12/liferay-portal-enterprise-361-xss.html CVE-2005-4400 Bugtraq ID: 15951