XSS Vulnerability in Liferay Portal Enterprise Affects Multiple Versions
CVE-2005-4400

Currently unrated

Key Information:

Vendor: Liferay
Status: Liferay Portal Enterprise
Vendor: CVE Published:; 20 December 2005

What is CVE-2005-4400?

A cross-site scripting (XSS) vulnerability exists in Liferay Portal Enterprise versions 3.6.1 and earlier. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the web application. The exploitation of this vulnerability occurs through manipulation of certain parameters, specifically the _77_struts_action, p_p_mode, and p_p_state parameters, potentially leading to unauthorized actions or theft of sensitive information.

References

http://secunia.com/advisories/18116

third-party-advisoryx_refsource_SECUNIA

http://pridels0.blogspot.com/2005/12/liferay-portal-enter...

x_refsource_MISC

http://www.osvdb.org/21812

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2005
Vulnerability Reserved
Dec 20, 2005