CVE-2008-0181

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

1.4%

top 19.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liferay Liferay Enterprise Portal

Timeline

PublishedFeb 5

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDliferay/liferay_enterprise_portal4.3.6

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x44x-w9hc-7q9v: Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4↗2022-05-01

▶

CVEList

CVE-2008-0181: Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4↗2008-02-04

▶

💬Community

Bugzilla

CVE-2008-3279 brltty: insecure relative RPATH↗2008-08-05

▶