CVE-2007-6055

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 4.1.0 through 4.1.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the login parameter in the /c/portal/login API endpoint. This issue reportedly occurred due to a regression following a fix at an earlier unspecified date.

Recommendations For Liferay Portal versions 4.1.0 and 4.1.1, consider restricting access to the /c/portal/login endpoint until a fix is available, and avoid using the login parameter in this endpoint to minimize the risk of exploitation.