2 matches found
Liferay Portal < 6.0.6 Multiple Vulnerabilities
According to its self-reported version number, the installation of Liferay Portal hosted on the remote web server is affected by multiple vulnerabilities : - An arbitrary file download vulnerability exists when Apache Tomcat is used, which allows remote, authenticated users to download arbitrary...
CVE-2011-1570
CVE-2011-1570 is a cross-site scripting (XSS) vulnerability affecting Liferay Portal Community Edition (CE) 6.x prior to 6.0.6 GA when running on Apache Tomcat. The issue allows remote authenticated users to inject arbitrary web script or HTML via a message title. The vulnerability is documented ...