Unrated severityNVD Advisory· Published May 7, 2011· Updated Jun 16, 2026
CVE-2011-1504
CVE-2011-1504
Description
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16cpe:2.3:a:liferay:portal:5.0.0:rc:community:*:*:*:*:*+ 14 more
- cpe:2.3:a:liferay:portal:5.0.0:rc:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.0.1:rc:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.1.0:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.1.1:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.1.2:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.2.0:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.2.1:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.2.2:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:5.2.3:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:6.0.0:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:6.0.1:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:6.0.2:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:6.0.3:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:6.0.4:*:community:*:*:*:*:*
- cpe:2.3:a:liferay:portal:6.0.5:*:community:*:*:*:*:*
- Range: >=5.0, <6.0.6 GA
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.