Cross-site Scripting Vulnerability in Liferay Portal by Liferay
CVE-2008-0181

Currently unrated

Key Information:

Vendor: Liferay
Status: Liferay Enterprise Portal
Vendor: CVE Published:; 5 February 2008

What is CVE-2008-0181?

The vulnerability involves the Admin portlet in Liferay Portal 4.3.6, which allows remote authenticated users to inject arbitrary web scripts or HTML code via the Shutdown message. This could potentially enable attackers to execute harmful scripts in the context of the user's session, impacting user data security and application integrity.

References

http://secunia.com/advisories/28742

third-party-advisoryx_refsource_SECUNIA

http://www.kb.cert.org/vuls/id/217825

third-party-advisoryx_refsource_CERT-VN

http://support.liferay.com/browse/LEP-4739

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 5, 2008