CVE-2008-0180

Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
Configurations

Configuration 1

cpe:2.3:a:liferay:liferay_enterprise_portal:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:1.0:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:4.1:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:2.0:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_enterprise_portal:4.1.1:*:*:*:*:*:*:*

Information

Published : 2008-02-05 12:00

Updated : 2008-09-05 09:34


NVD link : CVE-2008-0180

Mitre link : CVE-2008-0180

Products Affected
No products.
CWE