Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay liferay enterprise portal 2.2.0 |
||
liferay liferay enterprise portal 3.6.1 |
||
liferay liferay enterprise portal 4.1 |
||
liferay liferay enterprise portal 4.1.1 |
||
liferay liferay enterprise portal |
||
liferay liferay enterprise portal 1.0 |
||
liferay liferay enterprise portal 2.1.0 |
||
liferay liferay enterprise portal 4.3.1 |
||
liferay liferay enterprise portal 2.0 |
||
liferay liferay enterprise portal 2.1.1 |
||
liferay liferay enterprise portal 4.1.3 |
||
liferay liferay enterprise portal 4.3.6 |