3 matches found
CVE-2008-0178
Cross-site scripting XSS vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header...
CVE-2008-0178
Liferay Portal 4.3.6 is affected in the Enterprise Admin Session Monitoring component by a cross-site scripting (XSS) vulnerability that can be triggered through the User-Agent HTTP header. An authenticated user could inject arbitrary script/HTML, potentially executing within the administrator’s ...
Liferay Portal Enterprise Admin User-Agent HTTP header XSS
Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The...