CVSS: 6.1EPSS: 2%CPEs: 5EXPL: 3CVE-2009-1294 – Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1294
16 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en web/guest/home en el portal Liferay v4.3.0 en Novell Teaming v1.0 a SP3 (1.0.3) permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los ... • https://www.exploit-db.com/exploits/32909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 2%CPEs: 1EXPL: 2CVE-2008-0178 – Liferay Enterprise Portal 4.3.6 - User-Agent HTTP Header Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0178
04 Feb 2008 — Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente Enterprise Admin Session Monitoring de Liferay Portal 4.3.6. Permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de la cabecera HTTP User-Agent. • https://www.exploit-db.com/exploits/31082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0179
https://notcve.org/view.php?id=CVE-2008-0179
04 Feb 2008 — Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en service/impl/UserLocalServiceImpl.java en Liferay Portal 4.3.6. Permite a atacantes remotos inyectar scripts web o HTMLs arbitrarios a través de la cabecera User-Ag... • http://secunia.com/advisories/28742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2008-0180
https://notcve.org/view.php?id=CVE-2008-0180
04 Feb 2008 — Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. Vulnerabilidad de secuencias de comandos en sitios cruzados en themes/_unstyled/templates/init.vm en Liferay Portal 4.3.6. Permite a usuarios autenticados remotamente inyectar scripts web o HTMLs arbitrarios a través del campo Greeting en un Perfil de Usuario. • http://secunia.com/advisories/28742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0181
https://notcve.org/view.php?id=CVE-2008-0181
04 Feb 2008 — Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el portlet Admin de Liferay Portal 4.3.6. Permite a usuarios autenticados remotamente inyectar scripts web o HTMLs arbitrarios a través del mensaje de Shutdown (apagado). • http://secunia.com/advisories/28742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0182
https://notcve.org/view.php?id=CVE-2008-0182
04 Feb 2008 — Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el portlet Admin de Liferay Portal en versiones anteriores a 4.4.0. Permite a usuario autenticados remotamente realizar acciones sin especificar como otros usuarios autenticados sin especificar a través del ... • http://secunia.com/advisories/28742 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0563
https://notcve.org/view.php?id=CVE-2008-0563
04 Feb 2008 — Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en service/impl/UserLocalServiceImpl.java de Liferay Portal 4.3.6. Permite a atacantes remotos realizar acciones sin especificar ... • http://support.liferay.com/browse/LEP-4737 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 2CVE-2007-6173 – Liferay Portal 4.3.1 - Forgot-Password Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6173
30 Nov 2007 — Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en c/portal/login de Liferay Enterprise Portal 4.3.1 permite a atacantes remotos inyectar secuencias de comandos web ... • https://www.exploit-db.com/exploits/30817 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2005-4400 – Liferay Portal Enterprise 3.6.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-4400
20 Dec 2005 — Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. • https://www.exploit-db.com/exploits/26884 •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 1CVE-2004-2030 – Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2030
22 May 2004 — Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. • https://www.exploit-db.com/exploits/24139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •