source: http://www.securityfocus.com/bid/10402/info It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data from many input fields is included in server generated content without appropriate validation/encoding. This may allow for typical cross-site scripting attacks against other users of the portal. Test: Add a message with subject <script>history.go(-1)</script> Now, no user can see message board.
Related ExploitsTrying to match CVEs (1): CVE-2004-2030
Trying to match OSVDBs (1): 6346
Other Possible E-DB Search Terms: Liferay Enterprise Portal 1.x/2.x/5.0.2, Liferay Enterprise Portal 1.x, Liferay Enterprise Portal
|2008-01-31||Liferay Enterprise Portal 4.3.6 - User-Agent HTTP Header Cross-Site Scripting||Tomasz Kuczynski|