Liferay Enterprise Portal multiple XSS

2007-11-29T00:00:00
ID SECURITYVULNS:DOC:18526
Type securityvulns
Reporter Securityvulns
Modified 2007-11-29T00:00:00

Description

Vendor Site: Liferay.net
Version affected: Liferay Enterprise Portal 4.3.1
Demo: http://www.liferay.net/c/portal/login?tabs1=forgot-password
Class: Input Validation Error

Overview: Liferay fails to sufficiently sanitize user-supplied input entered in the "email address" text box, which is submitted by pressing the "Send New Password" button.

Examples:
1. "><script>alert('xss')</script>
2. <html><b>XSS</b></font></html>
3. "><iframe>
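
The following is an added example, not code from Liferay or from the original advisory. It shows the class of flaw described in the overview next to two mitigations, validating the field as an e-mail address and HTML-encoding it on output, and checks both against the three example inputs above. The template, the function names and the assumption that the value is echoed into both a message and the field's value attribute are constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed template (assumption): the submitted address is echoed in a
# message and back into the form field. Liferay's real markup is not on the page.
TEMPLATE = ('<p>No account found for {v}</p>'
            '<input type="text" name="emailAddress" value="{v}">')
EXPECTED_TAGS = ["p", "input"]

# The three example inputs listed in the advisory.
ADVISORY_INPUTS = [
    "\"><script>alert('xss')</script>",
    "<html><b>XSS</b></font></html>",
    "\"><iframe>",
]

# Conservative allow-list for the field: no quotes, angle brackets or spaces.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def is_plausible_email(value: str) -> bool:
    """Input validation: reject anything that is not shaped like an address."""
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None

def render_unsafe(value: str) -> str:
    """The flawed pattern: user input concatenated into markup unencoded."""
    return TEMPLATE.format(v=value)

def render_safe(value: str) -> str:
    """Output encoding: &, <, >, " and ' become character references."""
    return TEMPLATE.format(v=html.escape(value, quote=True))

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(markup: str) -> list:
    """Start tags a parser sees; anything beyond EXPECTED_TAGS was injected."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags
```

Validation and encoding are complementary: the allow-list rejects the input at the boundary, while encoding keeps the page structure intact even if a value gets past validation.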

Discovered by: Joshua Morin