CVE-2009-1294

Name of the Vulnerable Software and Affected Versions Novell Teaming versions 1.0 through 1.0.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Liferay 4.3.0 portal within Novell Teaming. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the p p state or p p mode parameters in the web/guest/home section.

Recommendations For Novell Teaming versions 1.0 through 1.0.3, consider restricting access to the vulnerable parameters p p state and p p mode in the web/guest/home section to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.