cbcvebase.
CVE-2014-8349
published 2014-11-24

CVE-2014-8349: Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary…

low3.5CVSS 3.1
AVNACMAuSCNIPAN
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.

Affected

1 ranges
VendorProductVersion rangeFixed in
liferayliferay_portal<= 6.2