Описание
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
Ссылки
- Issue TrackingVendor Advisory
- ExploitIssue TrackingVendor Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingVendor Advisory
- ExploitIssue TrackingVendor Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0.0 (включая) до 6.0.5 (включая)
Одновременно
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00646
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
debian
больше 14 лет назад
Cross-site scripting (XSS) vulnerability in Liferay Portal Community E ...
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
EPSS
Процентиль: 70%
0.00646
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79