CVE-2008-0182
https://notcve.org/view.php?id=CVE-2008-0182
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.
• http://secunia.com/advisories/28742
• http://support.liferay.com/browse/LEP-4739
• http://www.kb.cert.org/vuls/id/767825
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2008-0563
https://notcve.org/view.php?id=CVE-2008-0563
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
• http://support.liferay.com/browse/LEP-4737
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2007-6173 – Liferay Portal 4.3.1 - Forgot-Password Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6173
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/30817
• http://osvdb.org/38891
• http://secunia.com/advisories/27821
• http://secunia.com/advisories/34714
• http://securityreason.com/securityalert/3404
• http://www.securityfocus.com/archive/1/484286/100/0/threaded
• http://www.securityfocus.com/bid/26606
• http://www.securitytracker.com/id?1019003
• http://www.securitytracker.com/id?1022063
• http://www.vupen.com/english/advisories/2007/4027
• http://www.vupen.com/english/advisories/2009/1048
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6055 – Liferay Portal 4.1 Login Script - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6055
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.
• https://www.exploit-db.com/exploits/30774
• http://osvdb.org/38702
• http://secunia.com/advisories/27537
• http://secunia.com/advisories/34714
• http://securityreason.com/securityalert/3379
• http://www.procheckup.com/Vulnerability_PR07-02.php
• http://www.securityfocus.com/archive/1/483777/100/0/threaded
• http://www.securityfocus.com/bid/26470
• http://www.securitytracker.com/id?1022063
• http://www.vupen.com/english/advisories/2009/1048
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38503
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2005-4400 – Liferay Portal Enterprise 3.6.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-4400
Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters.
• https://www.exploit-db.com/exploits/26884
• http://pridels0.blogspot.com/2005/12/liferay-portal-enterprise-361-xss.html
• http://secunia.com/advisories/18116
• http://www.osvdb.org/21812
• http://www.securityfocus.com/bid/15951