First published: Tue Feb 05 2008(Updated: )
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Liferay Enterprise Portal | =3.6.1 | |
Liferay Liferay Enterprise Portal | =4.3.1 | |
Liferay Liferay Enterprise Portal | =2.1.0 | |
Liferay Liferay Enterprise Portal | ||
Liferay Liferay Enterprise Portal | =2.1.1 | |
Liferay Liferay Enterprise Portal | =1.0 | |
Liferay Liferay Enterprise Portal | =2.2.0 | |
Liferay Liferay Enterprise Portal | =4.1.3 | |
Liferay Liferay Enterprise Portal | =4.1 | |
Liferay Liferay Enterprise Portal | =2.0 | |
Liferay Liferay Enterprise Portal | =4.3.6 | |
Liferay Liferay Enterprise Portal | =4.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.