CVE-2008-0563

Liferay Enterprise Portal - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.

References (1)

[Various Sources] http://support.liferay.com/browse/LEP-4737

Scores

EPSS 0.0012

EPSS Percentile 31.5%

Classification

CWE

CWE-352

Status draft

Affected Products (1)

liferay/liferay_enterprise_portal

Timeline

Published Feb 05, 2008

Tracked Since Feb 18, 2026