CVE-2009-1294
Published Apr 16, 2009
Last updated 6 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:teaming:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6512E489-A272-4A6F-919D-E947E49CC0FA"
},
{
"criteria": "cpe:2.3:a:novell:teaming:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D04F150F-BFA8-49BF-BA7A-2FEA386D60B4"
},
{
"criteria": "cpe:2.3:a:novell:teaming:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1135D3D2-92DC-424C-986C-034EFEC343DD"
},
{
"criteria": "cpe:2.3:a:novell:teaming:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EBB9853-7AC0-4169-853B-4DED8B59FCC0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liferay:liferay_enterprise_portal:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79819957-E04A-422D-A5F9-EC597C1BE32C"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]