Exploit Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities

[Exploiter]

EDB-ID

24139

Проверка EDB

1. Пройдено

Автор

SANDEEP GIRI

Тип уязвимости

WEBAPPS

Платформа

JSP

CVE

cve-2004-2030

Дата публикации

2004-05-22

source: https://www.securityfocus.com/bid/10402/info

It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data from many input fields is included in server generated content without appropriate validation/encoding. This may allow for typical cross-site scripting attacks against other users of the portal. 


Test:
Add a message with subject <script>history.go(-1)</script>
Now, no user can see message board.