Lucene search
Veracode Vulnerability DatabaseVERACODE:25557HistoryJun 02, 2020 - 6:04 a.m.
Cross-site Scripting (XSS)
2020-06-0206:04:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
EPSS
0.001
Percentile
39.8%
portal-web is vulnerable to Cross-site Scripting (XSS). The attack exists due to the lack of sanitization of the _20_body parameter in comment field in an uploaded file, allowing an authenticated user to inject malicious script.
References
packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2014/Nov/61
www.deloitte.com/ar
www.securitytracker.com/id/1031255
github.com/liferay/liferay-portal/commit/04618c820b0a0c03c9e4fcbb297b061b7b199dc2
github.com/liferay/liferay-portal/pull/112
issues.liferay.com/browse/LPE-12961
seclists.org/fulldisclosure/2014/Nov/61
twitter.com/Arl_rose?
Related
nvd
nvd
CVE-2014-8349
2014-11-24 16:59:03
cvelist
cvelist
CVE-2014-8349
2014-11-24 16:00:00
cve
cve
CVE-2014-8349
2014-11-24 16:59:03
prion
prion
Cross site scripting
2014-11-24 16:59:00
zdt
zdt
Liferay Portal 6.2 EE SP8 Cross Site Scripting Vulnerability
2014-11-21 00:00:00