CVE-2008-0179
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-0179
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Liferay Enterprise Portal service/impl/UserLocalServiceImpl.java 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Liferay Portal 4.3.6的service/impl/UserLocalServiceImpl.java中的跨站脚本漏洞会允许远程攻击者通过用户代理 HTTP(在HTML格式中构建忘记密码电子邮件信息时使用)页眉来注入任意web脚本或HTML。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-0179
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-0179
Please Login to view more intelligence information
- http://support.liferay.com/browse/LEP-4737x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2008-0179
Same Patch Batch · n/a · 2008-02-04 · 15 CVEs total
| CVE-2007-4130 | Linux 内核页面错误运用NUMA服务拒绝攻击漏洞 | |
| CVE-2008-0178 | Liferay Enterprise Portal Enterprise Admin Session Monitoring 组件 跨站脚本攻击漏洞 | |
| CVE-2008-0180 | Liferay Enterprise Portal init.vm 跨站脚本攻击漏洞 | |
| CVE-2008-0181 | Liferay Enterprise Portal Admin Portlet 跨站脚本漏洞 | |
| CVE-2008-0182 | liferay_enterprise_portal Admin端口 跨站脚本攻击漏洞 | |
| CVE-2008-0563 | liferay_enterprise_portal service/impl/UserLocalServiceImpl.java 跨站请求伪造漏洞 | |
| CVE-2007-6699 | AOL YGPPicEdit.dll ActiveX控件多个远程溢出漏洞 | |
| CVE-2008-0386 | xdg-utils 多个远程命令执行漏洞 | |
| CVE-2008-0557 | MamboServer CatalogShop SQL注入漏洞 | |
| CVE-2008-0558 | Uniwin eCart 多个跨站脚本攻击漏洞 | |
| CVE-2008-0559 | Nilson's Blogger 多个目录遍历漏洞 | |
| CVE-2008-0560 | contact_forms cforms cforms-css.php 远程文件包含漏洞 | |
| CVE-2008-0561 | Joomla! and Mambo AkoGallery Component index.php SQL注入漏洞 | |
| CVE-2008-0562 | Joomla!/Mambo com_restaurant 组件 index.php SQL注入漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2008-0179
No comments yet