CVE-2011-1570

Liferay Portal 6.0.0-6.0.5 - Authenticated Cross-Site Scripting via Message Title

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

References (6)

Core 6

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/04/08/5

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/04/11/9

Issue Tracking, Vendor Advisory x_refsource_confirm

http://issues.liferay.com/browse/LPS-12628

Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm

http://issues.liferay.com/browse/LPS-13250

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/03/29/1

Release Notes, Vendor Advisory x_refsource_confirm

http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

Scores

EPSS 0.0065

EPSS Percentile 71.0%

Details

CWE

CWE-79

Status published

Products (1)

liferay/liferay_portal 6.0.0 - 6.0.5

Published May 07, 2011

Tracked Since Feb 18, 2026