VYPR
Unrated severityNVD Advisory· Published May 7, 2011· Updated Jun 16, 2026

CVE-2011-1504

CVE-2011-1504

Description

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • Liferay/Portal15 versions
    cpe:2.3:a:liferay:portal:5.0.0:rc:community:*:*:*:*:*+ 14 more
    • cpe:2.3:a:liferay:portal:5.0.0:rc:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.0.1:rc:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.1.0:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.1.1:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.1.2:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.2.0:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.2.1:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.2.2:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:5.2.3:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:6.0.0:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:6.0.1:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:6.0.2:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:6.0.3:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:6.0.4:*:community:*:*:*:*:*
    • cpe:2.3:a:liferay:portal:6.0.5:*:community:*:*:*:*:*
  • Range: >=5.0, <6.0.6 GA

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.