CVE-2004-2030
Liferay Enterprise Portal < 2.2.0 - Cross-Site Scripting via Message Subject
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-2030. PoCs published by Sandeep Giri.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Liferay Enterprise Portal where user-supplied input in message subjects is not properly sanitized. The example demonstrates how injecting a script tag can disrupt the message board functionality.
Description
Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in Liferay Enterprise Portal where user-supplied input in message subjects is not properly sanitized. The example demonstrates how injecting a script tag can disrupt the message board functionality.