Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

Remediation

References

CVE-2011-1570

Related Vulnerabilities

Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-28884)

TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)

WordPress Plugin Email Subscribers & Newsletters Security Bypass (3.5.13)

Java Unspesificed Vulnerability (CVE-2020-14803)

Apache HTTP Server CVE-2007-3304 Vulnerability (CVE-2007-3304)

Severity

Low

Classification

CVE-2011-1570 CWE-707

Tags

Missing Update Known Vulnerabilities