CVE-2011-1570Cross-site Scripting in Portal

CWE-79Cross-site Scripting3 documents3 sources
Severity
3.5LOWNVD
CNA4.3
EPSS
0.6%
top 29.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Liferay Portal
Timeline
PublishedMay 7
Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDliferay/liferay_portal6.0.06.0.5

🔴Vulnerability Details

2
GHSA
GHSA-gjpw-cmmh-976v: Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 62022-05-13
CVEList
CVE-2011-1570: Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 62011-05-07
CVE-2011-1570 — Cross-site Scripting in Liferay Portal | cvebase