2 matches found
CVE-2009-3742
Cross-site scripting XSS vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the ppid parameter...
CVE-2009-3742
CVE-2009-3742 affects Liferay Portal prior to 5.3.0, where the p_p_id parameter can be exploited to inject arbitrary script/HTML (persistent XSS). The root cause is inadequate sanitization of the p_p_id value, allowing remote attackers to execute script in a user’s context. A fix is available in ...