CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8349 – Liferay Portal 6.2 EE SP8 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-8349
21 Nov 2014 — Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file. Vulnerabilidad de XSS en Liferay Portal Enterprise Edition (EE) 6.2 SP8 y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro _20_body en el campo de comentario en un fichero subido. Liferay... • http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •