Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Liferay Enterprise Portal | 4.3.6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28742Vendor Advisory
- http://support.liferay.com/browse/LEP-4739
- http://www.kb.cert.org/vuls/id/217825US Government Resource
- http://www.securityfocus.com/bid/27554Patch
- http://secunia.com/advisories/28742Vendor Advisory
- http://support.liferay.com/browse/LEP-4739
- http://www.kb.cert.org/vuls/id/217825US Government Resource
- http://www.securityfocus.com/bid/27554Patch
FAQ
What is CVE-2008-0181?
CVE-2008-0181 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.
How severe is CVE-2008-0181?
CVE-2008-0181 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0181?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Enterprise Portal.