CVE-2008-0178

2008-02-0423:00:00

certcc

www.cve.org

cve-2008-0178

cross-site scripting

liferay portal 4.3.6

user-agent header

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

56.9%

JSON

Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.

References

secunia.com/advisories/28742

support.liferay.com/browse/LEP-4736

www.kb.cert.org/vuls/id/326065

www.securityfocus.com/bid/27547