Liferay Portal 6.2.0 CE GA1 Multiple XSS

medium Nessus Plugin ID 73521

Synopsis

The remote web server contains a Java application that is affected by multiple cross-site scripting vulnerabilities.

Description

According to its self-reported version number, the version of Liferay Portal running on the remote host is 6.2.0. It is, therefore, potentially affected by the following cross-site scripting vulnerabilities :

- Input passed from page titles is not sanitized before it is displayed in the Recycle Bin.

- Input passed from user profiles is not validated before being displayed in the Polls.

- Input passed from user profiles is not validated before being displayed in the History tab.

- Input passed from user profiles is not validated before displaying it to the admin.

- Input passed from user profiles is not validated before being displayed in the bookmarks.

- Input passed from the Look and Feel dialogs is not validated before being returned to the user.

- Input when displaying search results is not validated for various portlets.

- Input for scheduled publish-to-live events are not validated before being returned to users.

- Input from article titles is not validated before being displayed in the print mode.

- Input from page titles, when selecting a scope for a portlet, is not validated before being returned to the user.

- Input to the title of a post priority is not validated before being returned to the user.

- Input passed from page titles using the Site Map is not validated before being returned to the user.

- Input from page links in DDL is not validated before being returned to the user.

These flaws could allow a remote attacker with a specially crafted request to execute arbitrary code within the trust relationship between the browser and server.

Note that Nessus has not tested for these issues or determined if the patch has been applied but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Liferay Portal 6.2.1 or later.

See Also

http://www.nessus.org/u?db3b47ec

Plugin Details

Severity: Medium

ID: 73521

File Name: liferay_6_2_1.nasl

Version: 1.14

Type: remote

Published: 4/15/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:liferay:portal

Required KB Items: www/liferay_portal

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 2/13/2014

Vulnerability Publication Date: 2/13/2014

Reference Information

BID: 65553

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990