{"vuid":"VU#750796","idnumber":"750796","name":"Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting","keywords":["Lifearay","xss","cross-ste scripting"],"overview":"Liferay Portal is vulnerable to persistent cross-site scripting via the p_p_id parameter, which can allow a remote, unauthenticated attacker to execute arbitrary script in the context of the portal administrator.","clean_desc":"Liferay Portal is a web portal that can provide Java applets that adhere to the JSR 168 portlet specification. Liferay is available as a free community-supported version and also a commercial enterprise version. Liferay Portal fails to properly sanitize data that is provided by the p_p_id parameter, which can be provided without authentication as part of an HTTP GET request. The provided data is placed into a database, where it can be displayed to an administrator in another page, such as the Plugins Configuration section of the Control Panel. This allows for persistent cross-site scripting (XSS).","impact":"A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the portal administrator.","resolution":"Apply an update\nThis issue is addressed in Liferay Portal 5.3.0. Please see Liferay issue LPS-6034 for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to Tomasz Kuczynski for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://issues.liferay.com/browse/LPS-6034","http://jcp.org/en/jsr/detail?id=168"],"cveids":["CVE-2009-3742"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-11-13T14:10:48Z","publicdate":"2010-01-05T00:00:00Z","datefirstpublished":"2010-01-05T19:25:52Z","dateupdated":"2010-01-05T19:26:01Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"18","cam_attackeraccessrequired":"16","cam_scorecurrent":"8.64","cam_scorecurrentwidelyknown":"13.824","cam_scorecurrentwidelyknownexploited":"22.464","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.64,"vulnote":null}