CVE-2009-3742

Liferay Portal < 5.2.3 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter.

References (2)

[Vendor Advisory] http://issues.liferay.com/browse/LPS-6034

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/750796

Scores

EPSS 0.0069

EPSS Percentile 71.5%

Classification

CWE

CWE-79

Status published

Affected Products (2)

liferay/liferay_portal < 5.2.3

n/a/n/a

Timeline

Published Jan 07, 2010

Tracked Since Feb 18, 2026