Unrated severityNVD Advisory· Published Feb 5, 2008· Updated Jun 16, 2026
CVE-2008-0179
CVE-2008-0179
Description
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:liferay:liferay_enterprise_portal:4.3.6:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/bid/27550nvdPatch
- www.kb.cert.org/vuls/id/888209nvdUS Government Resource
- secunia.com/advisories/28742nvd
- support.liferay.com/browse/LEP-4737nvd
News mentions
0No linked articles in our index yet.