Cross-Site Scripting in Liferay Portal Affects User-Agent Header Processing
CVE-2008-0179

Currently unrated

Key Information:

Vendor

Liferay
Status
Liferay Enterprise Portal
Vendor
CVE Published:
5 February 2008

What is CVE-2008-0179?

A cross-site scripting vulnerability exists in Liferay Portal 4.3.6, specifically affecting the UserLocalServiceImpl.java component. This flaw allows remote attackers to inject malicious web scripts or HTML code through the User-Agent HTTP header. The vulnerability is particularly concerning as it facilitates exploitation during the composition of 'Forgot Password' email messages in HTML format, potentially compromising user data and platform integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://support.liferay.com/browse/LEP-4737
x_refsource_CONFIRM
http://secunia.com/advisories/28742
third-party-advisoryx_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/888209
third-party-advisoryx_refsource_CERT-VN

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.