[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Liferay Enterprise Portal multiple XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Liferay Enterprise Portal multiple XSS
From: morin.josh@xxxxxxxxx
Date: 27 Nov 2007 20:20:30 -0000

Vendor Site: Liferay.net
Version affected: Liferay Enterprise Portal 4.3.1 
Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password
Class: Input Validation Error

Overview: Liferay fails to sufficiently sanitize user-supplied input data in 
"email address" text box by pressing the "Send New Password" button.

Examples:
1."><script>alert('xss')</script>
2.<html><b>XSS</b></font></html>
3."><iframe>


Discovered by: Joshua Morin

Prev by Date: CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor
Next by Date: PHPSlideShow XSS Update
Previous by thread: CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor
Next by thread: PHPSlideShow XSS Update
Index(es):
- Date
- Thread