CVE-2009-1294 – Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1294
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en web/guest/home en el portal Liferay v4.3.0 en Novell Teaming v1.0 a SP3 (1.0.3) permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) p_p_state or (2) p_p_mode. • https://www.exploit-db.com/exploits/32909 http://secunia.com/advisories/34714 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737 http://www.securityfocus.com/archive/1/502704/100/0/threaded http://www.securityfocus.com/bid/34531 http://www.securitytracker.com/id?1022063 http://www.vupen.com/english/advisories/2009/1048 https://www.sec-consult.com/files/20090415-0-novell-te • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0180
https://notcve.org/view.php?id=CVE-2008-0180
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. Vulnerabilidad de secuencias de comandos en sitios cruzados en themes/_unstyled/templates/init.vm en Liferay Portal 4.3.6. Permite a usuarios autenticados remotamente inyectar scripts web o HTMLs arbitrarios a través del campo Greeting en un Perfil de Usuario. • http://secunia.com/advisories/28742 http://support.liferay.com/browse/LEP-4738 http://www.kb.cert.org/vuls/id/732449 http://www.securityfocus.com/bid/27546 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0182
https://notcve.org/view.php?id=CVE-2008-0182
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el portlet Admin de Liferay Portal en versiones anteriores a 4.4.0. Permite a usuario autenticados remotamente realizar acciones sin especificar como otros usuarios autenticados sin especificar a través del mensaje de Shutdown (apagado). • http://secunia.com/advisories/28742 http://support.liferay.com/browse/LEP-4739 http://www.kb.cert.org/vuls/id/767825 • CWE-352: Cross-Site Request Forgery (CSRF) •