Lucene search
SecurityvulnsSECURITYVULNS:DOC:18526HistoryNov 29, 2007 - 12:00 a.m.
Liferay Enterprise Portal multiple XSS
2007-11-2900:00:00
vulners.com
73
Vendor Site: Liferay.net
Version affected: Liferay Enterprise Portal 4.3.1
Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password
Class: Input Validation Error
Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New Password" button.
Examples:
1."><script>alert('xss')</script>
2.<html><b>XSS</b></font></html>
3."><iframe>
Discovered by: Joshua Morin