Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
Software | From | Fixed in |
---|---|---|
liferay / liferay_enterprise_portal | - | - |
liferay / liferay_enterprise_portal | 1.0 | 1.0.x |
liferay / liferay_enterprise_portal | 2.0 | 2.0.x |
liferay / liferay_enterprise_portal | 2.1.0 | 2.1.0.x |
liferay / liferay_enterprise_portal | 2.1.1 | 2.1.1.x |
liferay / liferay_enterprise_portal | 2.2.0 | 2.2.0.x |
liferay / liferay_enterprise_portal | 3.6.1 | 3.6.1.x |
liferay / liferay_enterprise_portal | 4.1 | 4.1.x |
liferay / liferay_enterprise_portal | 4.1.1 | 4.1.1.x |
liferay / liferay_enterprise_portal | 4.1.3 | 4.1.3.x |
liferay / liferay_enterprise_portal | 4.3.1 | 4.3.1.x |
liferay / liferay_enterprise_portal | 4.3.6 | 4.3.6.x |