Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

Remediation

References

CVE-2011-1570

Related Vulnerabilities

WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)

Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)

WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.3.7)

Oracle HTTP Server Inadequate Encryption Strength Vulnerability (CVE-2013-2566)

WordPress Plugin Blog Designer Cross-Site Scripting (1.8.11)

Severity

Low

Classification

CVE-2011-1570 CWE-707

Tags

Missing Update Known Vulnerabilities