CVE-2011-1504

Current Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

Basic Data

Published: May 07, 2011
Last Modified: May 31, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 3.5
Severity: LOW
Exploitability Score: 6.8
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
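    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Liferay | Portal | 5.0.0 | rc | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.0.1 | rc | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.1.0 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.1.1 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.1.2 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.2.0 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.2.1 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.2.2 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 5.2.3 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 6.0.0 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 6.0.1 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 6.0.2 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 6.0.3 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 6.0.4 | * | community | * | * | * | * | * | | | | |
    | 2.3 | Application | Liferay | Portal | 6.0.5 | * | community | * | * | * | * | * | | | | |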

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Liferay | Portal | 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://issues.liferay.com/browse/LPS-11506 | | http://issues.liferay.com/browse/LPS-11506 | CONFIRM |
| http://issues.liferay.com/browse/LPS-12145 | | http://issues.liferay.com/browse/LPS-12145 | MISC |
| http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 | | http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952 | CONFIRM |
| [oss-security] 20110329 CVE requests : Liferay 6.0.6 | | http://openwall.com/lists/oss-security/2011/03/29/1 | MLIST |
| [oss-security] 20110408 Re: CVE requests : Liferay 6.0.6 | | http://openwall.com/lists/oss-security/2011/04/08/5 | MLIST |
| [oss-security] 20110411 Re: CVE requests : Liferay 6.0.6 | | http://openwall.com/lists/oss-security/2011/04/11/9 | MLIST |