Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
References 6 Total
- https://labs.integrity.pt/advisories/cve-2016-3670/
- exploit-db.com: 39880 exploit
- seclists.org: 20160601 CVE-2016-3670 Stored Cross Site Scripting in Liferay CE mailing-list
- https://issues.liferay.com/browse/LPS-62387
- securitytracker.com: 1036083 vdb-entry
- http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- https://labs.integrity.pt/advisories/cve-2016-3670/ x_transferred
- exploit-db.com: 39880 exploitx_transferred
- seclists.org: 20160601 CVE-2016-3670 Stored Cross Site Scripting in Liferay CE mailing-listx_transferred
- https://issues.liferay.com/browse/LPS-62387 x_transferred
- securitytracker.com: 1036083 vdb-entryx_transferred
- http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html x_transferred