Liferay Enterprise Portal Security Vulnerabilities and Issues — Liferay Enterprise Portal CVE List

Lucene search

LiferayLiferay Enterprise Portal

9 matches found

CVE•added 2008/02/05 12:0 a.m.•46 views

CVE-2008-0182

Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.

4.3CVSS6.5AI score0.00131EPSS

CVE•added 2007/11/30 12:46 a.m.•43 views

CVE-2007-6173

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained ...

4.3CVSS5.7AI score0.07643EPSS

CVE•added 2005/05/10 4:0 a.m.•42 views

CVE-2004-2030

Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.

4.3CVSS6AI score0.01623EPSS

CVE•added 2008/02/05 12:0 a.m.•41 views

CVE-2008-0178

Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3CVSS5.3AI score0.02586EPSS

CVE•added 2009/04/16 3:12 p.m.•40 views

CVE-2009-1294

Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.

4.3CVSS5.9AI score0.0245EPSS

CVE•added 2008/02/05 12:0 a.m.•39 views

CVE-2008-0180

Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.

4.3CVSS5.3AI score0.00582EPSS

CVE•added 2008/02/05 12:0 a.m.•36 views

CVE-2008-0179

Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.

2.6CVSS5.7AI score0.00789EPSS

CVE•added 2008/02/05 12:0 a.m.•35 views

CVE-2008-0181

Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.

4.3CVSS5.3AI score0.00582EPSS

CVE•added 2008/02/05 12:0 a.m.•33 views

CVE-2008-0563

Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in...

4.3CVSS6.6AI score0.00114EPSS