Filtered by vendor Liferay
Subscriptions
Total
174 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-1502 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A |
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. | ||||
CVE-2010-5327 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A |
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | ||||
CVE-2009-3742 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter. | ||||
CVE-2009-1294 | 2 Liferay, Novell | 2 Liferay Enterprise Portal, Teaming | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters. | ||||
CVE-2008-0563 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | ||||
CVE-2008-0182 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | ||||
CVE-2008-0181 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. | ||||
CVE-2008-0180 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | ||||
CVE-2008-0179 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | ||||
CVE-2008-0178 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||
CVE-2007-6173 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information. | ||||
CVE-2007-6055 | 1 Liferay | 1 Portal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date. | ||||
CVE-2005-4400 | 1 Liferay | 1 Liferay Portal Enterprise | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. | ||||
CVE-2004-2030 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. |