TUCoPS :: Web :: CMS / Portals :: tb13608.htm

Liferay Enterprise Portal multiple XSS
Liferay Enterprise Portal multiple XSS
Liferay Enterprise Portal multiple XSS



Vendor Site: Liferay.net=0D
Version affected: Liferay Enterprise Portal 4.3.1 =0D
Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password=0D 
Class: Input Validation Error=0D
=0D
Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New Password" button.=0D
=0D
Examples:=0D
1.">=0D
2.XSS=0D
3.">