CVE-2008-0180

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

1.4%

top 19.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liferay Liferay Enterprise Portal

Timeline

PublishedFeb 5

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDliferay/liferay_enterprise_portal11 versions+10

🔴Vulnerability Details

GHSA

GHSA-w6gr-v7vh-5878: Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init↗2022-05-01

▶

CVEList

CVE-2008-0180: Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init↗2008-02-04

▶