Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

Remediation

References

CVE-2011-1570

Related Vulnerabilities

Jboss EAP Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2017-7536)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45369)

PHPFusion Multiple SQL Injection Vulnerabilities (CVE-2014-8596)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8156)

WordPress Plugin iPanorama 360 WordPress Virtual Tour Builder Cross-Site Scripting (1.6.21)

Severity

Low

Classification

CVE-2011-1570 CWE-707

Tags

Missing Update Known Vulnerabilities