Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
liferay_enterprise_portal service/impl/UserLocalServiceImpl.java 跨站请求伪造漏洞
Vulnerability Description
Liferay Portal 4.3.6的service/impl/UserLocalServiceImpl.java中的跨站请求伪造漏洞允许远程攻击者借助User-Agent HTTP页眉以未明的认证用户进行未明操作。当以HTML格式对忘记密码(FORGET PASSWORD)E-mail信息进行排版时,User-Agent HTTP header就会被用到。
CVSS Information
N/A
Vulnerability Type
N/A