Shodan
Vulnerabilities
Vulnerable Software
Liferay:  Security Vulnerabilities
CVE-2011-1570
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
CVSS Score
3.5
EPSS Score
0.006
Published
2011-05-07
CVE-2011-1571
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
CVSS Score
6.8
EPSS Score
0.074
Published
2011-05-07
CVE-2011-1502
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
CVSS Score
4.0
EPSS Score
0.005
Published
2011-05-07
CVE-2011-1503
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
CVSS Score
3.5
EPSS Score
0.007
Published
2011-05-07
CVE-2009-3742
Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter.
CVSS Score
4.3
EPSS Score
0.006
Published
2010-01-07
CVE-2009-1294
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
CVSS Score
4.3
EPSS Score
0.025
Published
2009-04-16
CVE-2008-0178
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVSS Score
4.3
EPSS Score
0.026
Published
2008-02-05
CVE-2008-0179
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
CVSS Score
2.6
EPSS Score
0.008
Published
2008-02-05
CVE-2008-0180
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
CVSS Score
4.3
EPSS Score
0.006
Published
2008-02-05
CVE-2008-0181
Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.
CVSS Score
4.3
EPSS Score
0.006
Published
2008-02-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved