Vulnerability Note VU#732449
Liferay Portal User Profile Greeting stored XSS
Overview
Liferay Portal fails to properly validate the User Profile "Greeting" value, which can allow script to execute when a user logs into the portal.
Description
Liferay Portal is an enterprise portal solution that uses Java technologies. The User Profile "Greeting" value of Liferay Portal fails to properly sanitize input.
Impact
An authenticated user may be able to inject script into the "Greeting" for the portal.
Solution
Apply an update
This issue is addressed in Liferay versions 4.4.0 and 4.3.7, as specified in Liferay support document LEP-4738.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Liferay, Inc. | Affected | - | 31 Jan 2008 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
Credit
Thanks to Tomasz Kuczynski for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
- CVE IDs: CVE-2008-0180
- Date Public: 10 Jan 2008
- Date First Published: 31 Jan 2008
- Date Last Updated: 31 Jan 2008
- Severity Metric: 0.11
- Document Revision: 1