CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2011-1503
https://notcve.org/view.php?id=CVE-2011-1503
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL. XSL Content portlet en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a 6.0.6 GA, cuando Apache Tomcat o Oracle GlassFish es usado, permite a usuarios remotos autenticados leer ficheros (1) XSL y (2) XML mediante la URL file:/// • http://issues.liferay.com/browse/LPS-13762 http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 http://openwall.com/lists/oss-security/2011/03/29/1 http://openwall.com/lists/oss-security/2011/04/08/5 http://openwall.com/lists/oss-security/2011/04/11/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1502
https://notcve.org/view.php?id=CVE-2011-1502
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. Liferay Portal Community Edition (CE) v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una declaración de entidad junto con una referencia de entidad, relacionado con un asunto XML External Entity (también conocido como XXE) • http://issues.liferay.com/browse/LPS-14927 http://openwall.com/lists/oss-security/2011/03/29/1 http://openwall.com/lists/oss-security/2011/04/08/5 http://openwall.com/lists/oss-security/2011/04/11/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 2CVE-2011-1571 – Liferay XSL - Command Execution
https://notcve.org/view.php?id=CVE-2011-1571
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en XSL Content portlet en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores desconocidos. • https://www.exploit-db.com/exploits/18715 https://github.com/noobpk/CVE-2011-1571 http://issues.liferay.com/browse/LPS-14726 http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 http://openwall.com/lists/oss-security/2011/03/29/1 http://openwall.com/lists/oss-security/2011/04/08/5 http://openwall.com/lists/oss-security/2011/04/11/9 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3742
https://notcve.org/view.php?id=CVE-2009-3742
Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Liferay Portal anterior a v5.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro p_p_id • http://issues.liferay.com/browse/LPS-6034 http://www.kb.cert.org/vuls/id/750796 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2009-1294 – Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1294
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en web/guest/home en el portal Liferay v4.3.0 en Novell Teaming v1.0 a SP3 (1.0.3) permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) p_p_state or (2) p_p_mode. • https://www.exploit-db.com/exploits/32909 http://secunia.com/advisories/34714 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737 http://www.securityfocus.com/archive/1/502704/100/0/threaded http://www.securityfocus.com/bid/34531 http://www.securitytracker.com/id?1022063 http://www.vupen.com/english/advisories/2009/1048 https://www.sec-consult.com/files/20090415-0-novell-te • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •