Cross-Site Scripting in Liferay Portal Affects User-Agent Header Processing
CVE-2008-0179
Currently unrated
What is CVE-2008-0179?
A cross-site scripting vulnerability exists in Liferay Portal 4.3.6, specifically affecting the UserLocalServiceImpl.java component. This flaw allows remote attackers to inject malicious web scripts or HTML code through the User-Agent HTTP header. The vulnerability is particularly concerning as it facilitates exploitation during the composition of 'Forgot Password' email messages in HTML format, potentially compromising user data and platform integrity.