CVE-2011-1570

Liferay Portal CE <6.0.6 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

References (6)

[Issue Tracking, Vendor Advisory] http://issues.liferay.com/browse/LPS-12628

[Exploit, Issue Tracking, Vendor Advisory] http://issues.liferay.com/browse/LPS-13250

[Release Notes, Vendor Advisory] http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/03/29/1

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/04/08/5

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/04/11/9

Scores

EPSS 0.0065

EPSS Percentile 70.4%

Classification

CWE

CWE-79

Status published

Affected Products (2)

liferay/liferay_portal < 6.0.5

n/a/n/a

Timeline

Published May 07, 2011

Tracked Since Feb 18, 2026