Vulnerability Description
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Liferay Enterprise Portal | 4.3.6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28742
- http://support.liferay.com/browse/LEP-4737
- http://www.kb.cert.org/vuls/id/888209US Government Resource
- http://www.securityfocus.com/bid/27550Patch
- http://secunia.com/advisories/28742
- http://support.liferay.com/browse/LEP-4737
- http://www.kb.cert.org/vuls/id/888209US Government Resource
- http://www.securityfocus.com/bid/27550Patch
FAQ
What is CVE-2008-0179?
CVE-2008-0179 is a vulnerability with a CVSS score of 2.6 (LOW). Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...
How severe is CVE-2008-0179?
CVE-2008-0179 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0179?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Enterprise Portal.