CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2008-0180
https://notcve.org/view.php?id=CVE-2008-0180
04 Feb 2008 — Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. Vulnerabilidad de secuencias de comandos en sitios cruzados en themes/_unstyled/templates/init.vm en Liferay Portal 4.3.6. Permite a usuarios autenticados remotamente inyectar scripts web o HTMLs arbitrarios a través del campo Greeting en un Perfil de Usuario. • http://secunia.com/advisories/28742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0182
https://notcve.org/view.php?id=CVE-2008-0182
04 Feb 2008 — Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el portlet Admin de Liferay Portal en versiones anteriores a 4.4.0. Permite a usuario autenticados remotamente realizar acciones sin especificar como otros usuarios autenticados sin especificar a través del ... • http://secunia.com/advisories/28742 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 1CVE-2004-2030 – Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2030
22 May 2004 — Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. • https://www.exploit-db.com/exploits/24139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •