2 matches found
CVE-2008-0180
The CVE-2008-0180 issue affects Liferay Portal 4.3.6, where the User Profile Greeting in themes/_unstyled/templates/init.vm is not properly sanitized, allowing an authenticated user to inject script/HTML (XSS). The Red Hat/ CERT and CVE records corroborate a stored XSS risk via the Greeting field...
Liferay Portal User Profile Greeting stored XSS
Overview Liferay Portal fails to properly validate the User Profile "Greeting" value, which can allow script to execute when a user logs into the portal. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The User Profile "Greeting" value of Liferay Portal...