Published: 07/05/2011 Updated: 31/05/2011
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

Affected Products

Vendor Product Versions
LiferayPortal6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5