RSS   Vulnerabilities for 'Portal'   RSS

2011-05-07
 
CVE-2011-1571

CWE-noinfo
 

 
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

 
 
CVE-2011-1570

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

 
 
CVE-2011-1504

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

 
 
CVE-2011-1503

CWE-200
 

 
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

 
 
CVE-2011-1502

CWE-200
 

 
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

 
2007-11-20
 
CVE-2007-6055

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.

 

 >>> Vendor: Liferay 7 Products
Liferay enterprise portal
Liferay portal enterprise
Portal
Liferay portal
Liferay
DXP
Digital experience platform


Copyright 2024, cxsecurity.com

 

Back to Top