PT-2014-8481 · Liferay · Liferay Portal Enterprise Edition

Publicado

2014-11-24

Atualizado

2015-08-06

CVE-2014-8349

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Liferay Portal Enterprise Edition (EE) versions 6.2 SP8 and earlier

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the 20 body parameter in the comment field in an uploaded file.

Recommendations For versions 6.2 SP8 and earlier, as a temporary workaround, consider restricting access to the comment field in uploaded files until a patch is available. Avoid using the 20 body parameter in the comment field to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2014-8349

Produtos afetados

Liferay Portal Enterprise Edition

PT-2014-8481 · Liferay · Liferay Portal Enterprise Edition

CVE-2014-8349

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5