CVE-2014-2963
https://notcve.org/view.php?id=CVE-2014-2963
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter. Múltiples vulnerabilidades de XSS en group/control_panel/manage en Liferay Portal 6.1.2 CE GA3, 6.1.X EE y 6.2.X EE permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) _2_firstName, (2) _2_lastName o (3) _2_middleName. • http://www.kb.cert.org/vuls/id/100972 https://github.com/samuelkong/liferay-portal/pull/610 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1504
https://notcve.org/view.php?id=CVE-2011-1504
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a v6.0.6 GA permite a atacantes remotos autenticados inyectar secuencias de comandos web o HTML a través del título blog. • http://issues.liferay.com/browse/LPS-11506 http://issues.liferay.com/browse/LPS-12145 http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 http://openwall.com/lists/oss-security/2011/03/29/1 http://openwall.com/lists/oss-security/2011/04/08/5 http://openwall.com/lists/oss-security/2011/04/11/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1570
https://notcve.org/view.php?id=CVE-2011-1570
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Liferay Portal Community Edition (CE) v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a atacantes remotos autenticados inyectar secuencias de comandos web o HTML a través de un mensaje titulo, una vulnerabilidad diferente a CVE-2004-2030. • http://issues.liferay.com/browse/LPS-12628 http://issues.liferay.com/browse/LPS-13250 http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 http://openwall.com/lists/oss-security/2011/03/29/1 http://openwall.com/lists/oss-security/2011/04/08/5 http://openwall.com/lists/oss-security/2011/04/11/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1503
https://notcve.org/view.php?id=CVE-2011-1503
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL. XSL Content portlet en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a 6.0.6 GA, cuando Apache Tomcat o Oracle GlassFish es usado, permite a usuarios remotos autenticados leer ficheros (1) XSL y (2) XML mediante la URL file:/// • http://issues.liferay.com/browse/LPS-13762 http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 http://openwall.com/lists/oss-security/2011/03/29/1 http://openwall.com/lists/oss-security/2011/04/08/5 http://openwall.com/lists/oss-security/2011/04/11/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-1502
https://notcve.org/view.php?id=CVE-2011-1502
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. Liferay Portal Community Edition (CE) v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una declaración de entidad junto con una referencia de entidad, relacionado con un asunto XML External Entity (también conocido como XXE) • http://issues.liferay.com/browse/LPS-14927 http://openwall.com/lists/oss-security/2011/03/29/1 http://openwall.com/lists/oss-security/2011/04/08/5 http://openwall.com/lists/oss-security/2011/04/11/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •