Affects Version/s: 4.3.6
Liferay does not properly sanitize the User-Agent name displayed under Enterprise Admin -> Monitoring -> Live Sessions, which allows crafting an XSS attack targeted directly at the Portal Administrator.
This vulnerability, in conjunction with CSRF, can lead to serious problems.
See other XSS and CSRF reports
A user with access to any account on a Liferay-based portal.
NOTE: The payload must be set in the User-Agent HTTP header before the session is created (that is, the User-Agent must carry the payload from the very beginning of the client <-> server interaction)!!!
EXAMPLE EXPLOIT AND VERIFICATION:
Use a software proxy that allows modifying HTTP traffic, or write a simple user agent in, e.g., Perl.
Set the value of the HTTP User-Agent header to, e.g., (Internet Explorer string + the payload):
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)<<script>script>alert('XSS !!!')<</script>/script>
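The doubled tags in the reported User-Agent value show why a blacklist filter that strips <script> tags in one pass is not a fix: after the strip, a well-formed tag remains. The following added example (not code from the report or from Liferay) renders the Live Sessions cell once with such a naive strip and once with proper HTML output encoding, and checks whether a script tag reaches the page; the session value is constructed from the header quoted above.

```python
import html
import re

# Constructed sample: the User-Agent value from the report, as it would be
# read back from the HTTP session by an admin "Live Sessions" page.
REPORTED_USER_AGENT = (
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; "
    ".NET CLR 2.0.50727)<<script>script>alert('XSS !!!')<</script>/script>"
)

_SCRIPT_TAG = re.compile(r"</?script>", re.IGNORECASE)


def strip_script_tags_once(value: str) -> str:
    """Naive blacklist 'sanitizer': removes <script> / </script> in one pass.
    Kept only to show that it is insufficient against nested tags."""
    return _SCRIPT_TAG.sub("", value)


def escape_for_html(value: str) -> str:
    """Output encoding: every HTML metacharacter becomes an entity, so the
    browser can only render the value as text, never as markup."""
    return html.escape(value, quote=True)


def render_live_session_cell(user_agent: str, sanitizer) -> str:
    """Build the table cell the admin page would emit, via the given sanitizer."""
    return f"<td>{sanitizer(user_agent)}</td>"


def contains_script_tag(rendered_html: str) -> bool:
    """True if a real <script> or </script> tag survived into the output."""
    return _SCRIPT_TAG.search(rendered_html) is not None


def is_suspicious_user_agent(user_agent: str) -> bool:
    """Detection aid for access logs: a legitimate User-Agent never needs
    angle brackets or quotes, so their presence is worth flagging."""
    return any(ch in user_agent for ch in "<>\"'")
```

A single-pass strip leaves `<script>alert('XSS !!!')</script>` in the cell, while the escaped rendering contains no tag at all; the escaping must be applied at the point the value is written into the page, not at input time.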