CVE-2011-1504

Published May 7, 2011

Last updated 14 years ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.0.0:rc:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86AD6094-E4EB-475E-A374-978CD00AA5AC"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.0.1:rc:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A014F89-F957-488F-9FF4-67F9EE9EE4A8"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.1.0:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3263932E-3A41-41E3-9F77-73FC51B213C8"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.1.1:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B16B7BDA-AAE9-4833-91E6-587DAC61E5CD"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.1.2:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6E3F406-1FE1-4321-9273-1F017648A7E0"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.2.0:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82F1E696-9040-4D4A-BA99-E745EC085B9C"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.2.1:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFAADC3E-80FB-4135-B489-EC02A9A41382"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.2.2:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65690437-8494-4D96-B2B2-99DCAD7A4688"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:5.2.3:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E399C486-E3E1-4338-8D04-1D8263FD0DEF"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:6.0.0:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4F553E6-7DFE-473D-8EBF-BBB85F013AD6"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:6.0.1:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDBB1E2F-9F65-482A-8C85-1E2D9FD13DC1"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:6.0.2:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B280448B-071C-4285-8E3B-45E5CAD397B8"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:6.0.3:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D702FD60-1FDA-48D1-A534-2637B7F130E4"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:6.0.4:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CC37883-18D2-416B-B960-53EF92F3125E"
          },
          {
            "criteria": "cpe:2.3:a:liferay:portal:6.0.5:*:community:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1782D8A-DC53-4639-8313-EA7715CADCBE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References