CVE-2009-1294 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Liferay	Liferay Enterprise Portal
Novell	Teaming

Configuration 1 [-]

AND

OR	cpe:2.3:a:novell:teaming:1.0:::::::*
	cpe:2.3:a:novell:teaming:1.0.1:::::::*
	cpe:2.3:a:novell:teaming:1.0.2:::::::*
	cpe:2.3:a:novell:teaming:1.0.3:::::::*

cpe:2.3:a:liferay:liferay_enterprise_portal:4.3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/34714
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737
http://www.securityfocus.com/archive/1/502704/100/0/threaded
http://www.securityfocus.com/bid/34531
http://www.securitytracker.com/id?1022063
http://www.vupen.com/english/advisories/2009/1048
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-16T15:00:00

Updated: 2024-08-07T05:04:49.395Z

Reserved: 2009-04-14T00:00:00

Link: CVE-2009-1294

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-04-16T15:12:57.437

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1294

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-15T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sec-consult.com/files/20090415-0-novell-teaming.txt"}, {"name": "ADV-2009-1048", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1048"}, {"name": "34714", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34714"}, {"name": "20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502704/100/0/threaded"}, {"name": "1022063", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022063"}, {"name": "34531", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34531"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1294", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737", "refsource": "CONFIRM", "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737"}, {"name": "https://www.sec-consult.com/files/20090415-0-novell-teaming.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/files/20090415-0-novell-teaming.txt"}, {"name": "ADV-2009-1048", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1048"}, {"name": "34714", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34714"}, {"name": "20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502704/100/0/threaded"}, {"name": "1022063", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022063"}, {"name": "34531", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34531"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:04:49.395Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sec-consult.com/files/20090415-0-novell-teaming.txt"}, {"name": "ADV-2009-1048", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1048"}, {"name": "34714", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34714"}, {"name": "20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502704/100/0/threaded"}, {"name": "1022063", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022063"}, {"name": "34531", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34531"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1294", "datePublished": "2009-04-16T15:00:00", "dateReserved": "2009-04-14T00:00:00", "dateUpdated": "2024-08-07T05:04:49.395Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:teaming:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6512E489-A272-4A6F-919D-E947E49CC0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:teaming:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D04F150F-BFA8-49BF-BA7A-2FEA386D60B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:teaming:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1135D3D2-92DC-424C-986C-034EFEC343DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:teaming:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EBB9853-7AC0-4169-853B-4DED8B59FCC0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:liferay_enterprise_portal:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "79819957-E04A-422D-A5F9-EC597C1BE32C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en web/guest/home en el portal Liferay v4.3.0 en Novell Teaming v1.0 a SP3 (1.0.3) permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) p_p_state or (2) p_p_mode."}], "id": "CVE-2009-1294", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-04-16T15:12:57.437", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34714"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/502704/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/34531"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022063"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1048"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.sec-consult.com/files/20090415-0-novell-teaming.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/502704/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/34531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.sec-consult.com/files/20090415-0-novell-teaming.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}