Cross-Site Scripting Vulnerability in Liferay Enterprise Portal by Liferay
CVE-2007-6173

Currently unrated

Key Information:

Vendor: Liferay
Status: Liferay Enterprise Portal
Vendor: CVE Published:; 30 November 2007

What is CVE-2007-6173?

A cross-site scripting vulnerability exists in Liferay Enterprise Portal 4.3.1, which can be exploited by attackers to inject arbitrary web scripts or HTML into the application. This can occur through the emailAddress parameter during the 'Send New Password' action, posing a threat to users who may unknowingly execute harmful scripts. This vulnerability represents a significant risk as it allows for the potential manipulation of user sessions and could lead to the exposure of sensitive information.

References

http://www.vupen.com/english/advisories/2009/1048

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/34714

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/26606

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2007
Vulnerability Reserved
Nov 29, 2007