Description
Liferay Portal Vulnerable to XSS in Profile Search Functionality
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay (before 7.0.0 CE RC1) allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-3670
- https://github.com/liferay/liferay-portal/commit/b7ce087039f3b753f36f558df5faefac4ad4b160
- https://issues.liferay.com/browse/LPS-62387
- https://labs.integrity.pt/advisories/cve-2016-3670
- https://www.exploit-db.com/exploits/39880
- http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2016/Jun/5
- http://www.securitytracker.com/id/1036083
Packages
Name: com.liferay:com.liferay.portal.search.web (maven)
Affected versions: < 1.0.3
Fixed version: 1.0.3
Related vulnerabilities
CVSS3: 6.1
Source: nvd
Published: more than 9 years ago
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.