CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-4400

Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.024

EPSS Ranking 84.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://pridels0.blogspot.com/2005/12/liferay-portal-enterprise-361-xss.html
http://secunia.com/advisories/18116
http://www.osvdb.org/21812
http://www.securityfocus.com/bid/15951
http://pridels0.blogspot.com/2005/12/liferay-portal-enterprise-361-xss.html
http://secunia.com/advisories/18116
http://www.osvdb.org/21812
http://www.securityfocus.com/bid/15951

Products affected by CVE-2005-4400

Liferay » Liferay Portal Enterprise » Version: Any

cpe:2.3:a:liferay:liferay_portal_enterprise:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4400

Products

Pricing

Contact Us