Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6173

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.3MEDIUM
EPSS
8.0%
top 7.93%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Liferay Liferay Enterprise Portal
Timeline
PublishedNov 30
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7wh2-f5fv-2c6f: Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 42022-05-01
CVEList
CVE-2007-6173: Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 42007-11-30

💥Exploits & PoCs

1
Exploit-DB
Liferay Portal 4.3.1 - Forgot-Password Cross-Site Scripting2007-11-27
CVE-2007-6173 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io