Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-6173. PoCs published by Joshua Morin.
AI-analyzed exploit summary This is a simple XSS proof-of-concept for CVE-2007-6173, demonstrating how unsanitized input in Liferay Portal can execute arbitrary JavaScript. The payload includes basic XSS vectors like script tags and iframes.
Description
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.
Exploits (1)
This is a simple XSS proof-of-concept for CVE-2007-6173, demonstrating how unsanitized input in Liferay Portal can execute arbitrary JavaScript. The payload includes basic XSS vectors like script tags and iframes.