EPSS
Percentile
94.3%
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2016/Jun/5
www.securitytracker.com/id/1036083
issues.liferay.com/browse/LPS-62387
labs.integrity.pt/advisories/cve-2016-3670/
www.exploit-db.com/exploits/39880/