CVEDB API

Vulnerabilities

Vulnerable Software

Liferay: >> Liferay Enterprise Portal >> 4.3.6 Security Vulnerabilities

CVE-2008-0178

Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.

CVSS Score

4.3

EPSS Score

0.026

Published

2008-02-05

CVE-2008-0179

Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.

CVSS Score

2.6

EPSS Score

0.008

Published

2008-02-05

CVE-2008-0180

Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.

CVSS Score

4.3

EPSS Score

0.006

Published

2008-02-05

CVE-2008-0181

Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.

CVSS Score

4.3

EPSS Score

0.006

Published

2008-02-05

CVE-2008-0563

Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.

CVSS Score

4.3

EPSS Score

0.001

Published

2008-02-05

Page 1

Vulnerabilities

Vulnerable Software

Liferay: >> Liferay Enterprise Portal >> 4.3.6 Security Vulnerabilities

Products

Pricing

Contact Us