3 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Liferay Portal Community Edition CE 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030...
CVE-2004-2030
CVE-2004-2030 describes multiple XSS vulnerabilities in Liferay’s index.jsp prior to version 2.2.0 (released 2004-10-01), where remote attackers could inject arbitrary web script or HTML by exploiting the message subject. The accompanying sources confirm the vulnerability class (XSS) and affected...
CVE-2004-2030
Multiple cross-site scripting XSS vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject...