CVE-2008-0178

Name of the Vulnerable Software and Affected Versions Liferay Portal version 4.3.6

Description A cross-site scripting (XSS) issue exists in the Enterprise Admin Session Monitoring component, allowing remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.

Recommendations For Liferay Portal version 4.3.6, consider restricting access to the Enterprise Admin Session Monitoring component until a fix is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.