Liferay Portal Security Vulnerabilities and Issues — Liferay Portal CVE List

Lucene search

LiferayLiferay Portal

4 matches found

CVE•added 2011/05/07 7:55 p.m.•52 views

CVE-2011-1571

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

6.8CVSS7.7AI score0.0739EPSS

CVE•added 2011/05/07 7:55 p.m.•48 views

CVE-2011-1502

Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

4CVSS6.5AI score0.00514EPSS

CVE•added 2011/05/07 7:55 p.m.•36 views

CVE-2011-1570

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

3.5CVSS5.3AI score0.01623EPSS

CVE•added 2011/05/07 7:55 p.m.•33 views

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

3.5CVSS6.2AI score0.00657EPSS