Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6173

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6173
Last Modified 07 Mar 2011 10:02:05
Published 29 Nov 2007 07:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6173

Summary

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Liferay Enterprise Portal 4.3.1


References

VUPEN - ADV-2009-1048

VUPEN - ADV-2007-4027

SECTRACK - 1022063

BID - 26606

BUGTRAQ - 20071127 Liferay Enterprise Portal multiple XSS

SECUNIA - 34714

SECUNIA - 27821

OSVDB - 38891

SECTRACK - 1019003

SREASON - 3404


Last Updated: 27 May 2016 10:46:24