PT-2014-8481 · Liferay · Liferay Portal Enterprise Edition

Published

2014-11-24

Updated

2015-08-06

CVE-2014-8349

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Liferay Portal Enterprise Edition (EE) versions 6.2 SP8 and earlier

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the 20 body parameter in the comment field in an uploaded file.

Recommendations For versions 6.2 SP8 and earlier, as a temporary workaround, consider restricting access to the comment field in uploaded files until a patch is available. Avoid using the 20 body parameter in the comment field to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2014-8349

Affected Products

Liferay Portal Enterprise Edition

PT-2014-8481 · Liferay · Liferay Portal Enterprise Edition

CVE-2014-8349

Weakness Enumeration

Related Identifiers

Affected Products

References · 5