oss-sec mailing list archives

CVE requests : Liferay 6.0.6


From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 29 Mar 2011 09:35:53 +0200

Hello,

Version 6.0.6 of Liferay corrects 3 security vulnerabilities related to
the processing of XSLT content and 2 XSS.

The full 6.0.6 Changelog :
http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

Remote command execution :
http://issues.liferay.com/browse/LPS-14726

Arbitrary file disclosure via XXE :
http://issues.liferay.com/browse/LPS-14927

XSL/XML file disclosure via file:// :
http://issues.liferay.com/browse/LPS-13762

XSS vulnerability :
http://issues.liferay.com/browse/LPS-11506

XSS in message boards :
http://issues.liferay.com/browse/LPS-12628

Regards,
Nicolas Grégoire

