Cross-Site Scripting Vulnerabilities in Liferay Portal
CVE-2004-2030

Currently unrated

Key Information:

Vendor: Liferay
Status: Liferay Enterprise Portal
Vendor: CVE Published:; 22 May 2004

What is CVE-2004-2030?

Liferay Portal versions prior to 2.2.0 are susceptible to multiple cross-site scripting (XSS) vulnerabilities in the index.jsp file. These flaws allow remote attackers to inject arbitrary web scripts or HTML into the application, potentially compromising user interaction and trust. The vulnerability can specifically be exploited through the message subject field, enabling attackers to craft malicious payloads that execute client-side scripts in the context of a victim’s browser session.

References

http://marc.info/?l=bugtraq&m=110141194202856&w=2

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1010259

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/11692

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
May 22, 2004