Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2004-2030

Publish Date: 22 May 2004

                							

                source: http://www.securityfocus.com/bid/10402/info

It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data from many input fields is included in server generated content without appropriate validation/encoding. This may allow for typical cross-site scripting attacks against other users of the portal. 


Test:
Add a message with subject &lt;script&gt;history.go(-1)&lt;/script&gt;
Now, no user can see message board.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities

Vulmon Search

About

Products

Connect