Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Liferay Enterprise Portal service/impl/UserLocalServiceImpl.java 跨站脚本漏洞
Vulnerability Description
Liferay Portal 4.3.6的service/impl/UserLocalServiceImpl.java中的跨站脚本漏洞会允许远程攻击者通过用户代理 HTTP(在HTML格式中构建忘记密码电子邮件信息时使用)页眉来注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A