CVE-2014-8349

EPSS 0.25% · P49 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-8349

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Liferay Portal 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Liferay Portal是美国Liferay公司的一套基于J2EE的门户解决方案，它使用了EJB以及JMS等技术，并可作为Web发布和共享工作区、企业协作平台、社交网络等。Enterprise Edition（EE）是一个企业版。 Liferay Portal EE 6.2 SP8及之前版本中存在跨站脚本漏洞。远程攻击者可借助上传文件的comment字段中的‘the _20_body’参数利用该漏洞注入任意Web脚本或HTML。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-8349

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-8349

Please Login to view more intelligence information

http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.htmlx_refsource_MISC
http://www.securitytracker.com/id/1031255vdb-entryx_refsource_SECTRACK
https://nvd.nist.gov/vuln/detail/CVE-2014-8349

Same Patch Batch · n/a · 2014-11-24 · 38 CVEs total

CVE-2014-7846		Moodle 权限许可和访问控制问题漏洞
CVE-2014-7831		Moodle 信息泄露漏洞
CVE-2014-7832		Moodle LTI模块权限许可和访问控制问题漏洞
CVE-2014-7833		Moodle‘mod/data/edit.php’脚本信息泄露漏洞
CVE-2014-7834		Moodle 权限许可和访问控制问题漏洞
CVE-2014-7835		Moodle 跨站脚本漏洞
CVE-2014-7836		Moodle LTI模块跨站请求伪造漏洞
CVE-2014-7837		Moodle‘mod/wiki/admin.php’权限许可和访问控制问题漏洞
CVE-2014-7838		Moodle Forum模块跨站请求伪造漏洞
CVE-2014-7845		Moodle 信任管理问题漏洞
CVE-2014-7830		Moodle Feedback模块跨站脚本漏洞
CVE-2014-7847		Moodle 资源管理错误漏洞
CVE-2014-7848		Moodle 信息泄露漏洞
CVE-2014-9059		Moodle 跨站脚本漏洞
CVE-2014-9060		Moodle LTI模块输入验证错误漏洞
CVE-2014-5314		多款Cybozu产品缓冲区溢出漏洞
CVE-2014-5325		Direct Web Remoting 信息泄露漏洞
CVE-2014-5326		Direct Web Remoting 跨站脚本漏洞
CVE-2010-5312		jQuery UI 跨站脚本漏洞
CVE-2014-8417		Digium Asterisk和Certified Asterisk ConfBridge 权限许可和访问控制漏洞

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-8349

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-8349

I. Basic Information for CVE-2014-8349

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-8349

III. Intelligence Information for CVE-2014-8349

Same Patch Batch · n/a · 2014-11-24 · 38 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-8349

Leave a comment