Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1570

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2011-1570
Last Modified 31 May 2011 12:00:00
Published 07 May 2011 03:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-1570

Summary

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

Vulnerable Systems

Application

  • Liferay Portal 6.0.0

  • Liferay Portal 6.0.1

  • Liferay Portal 6.0.2

  • Liferay Portal 6.0.3

  • Liferay Portal 6.0.4

  • Liferay Portal 6.0.5


References

MLIST - [oss-security] 20110411 Re: CVE requests : Liferay 6.0.6

MLIST - [oss-security] 20110408 Re: CVE requests : Liferay 6.0.6

MLIST - [oss-security] 20110329 CVE requests : Liferay 6.0.6

CONFIRM - http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

CONFIRM - http://issues.liferay.com/browse/LPS-13250

CONFIRM - http://issues.liferay.com/browse/LPS-12628


Last Updated: 27 May 2016 10:56:22