CVE-2016-3670
MEDIUM6.1EPSS 9.3%Liferay Portal Vulnerable to XSS in Profile Search Functionality
發布日:2022/5/17修改日:2025/8/8
描述
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay (before 7.0.0 CE RC1) allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
受影響套件(1)
- Maven/com.liferay:com.liferay.portal.search.webfrom 0, < 1.0.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-3670
- PATCHhttps://github.com/liferay/liferay-portal
- WEBhttp://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html
- WEBhttp://seclists.org/fulldisclosure/2016/Jun/5
- WEBhttps://github.com/liferay/liferay-portal/commit/b7ce087039f3b753f36f558df5faefac4ad4b160
- WEBhttps://issues.liferay.com/browse/LPS-62387
- WEBhttps://labs.integrity.pt/advisories/cve-2016-3670
- WEBhttps://www.exploit-db.com/exploits/39880
- WEBhttp://www.securitytracker.com/id/1036083