5 matches found
Liferay Portal User Account Stored Cross Site Scripting (CVE-2016-3670)
A persistent XSS vulnerability exists in the user account creation process in Liferay Portal. The vulnerability is due to insufficient input validation of the firstName, middleName and lastName parameters. Successful exploitation could allow the attacker to inject arbitrary script code into a use...
Liferay CE 6.2 CE GA6 - Persistent Cross-Site Scripting
Liferay CE 6.2 CE GA6 - Persistent Cross-Site Scripting CVE-2016-3670 Stored Cross Site Scripting in Liferay CE 1. Vulnerability Properties Title: Stored Cross-Site Scripting Liferay CE CVE ID: CVE-2016-3670 CVSSv3 Base Score: 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Vendor: Liferay Inc Products:...
Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
Exploit for php platform in category web applications CVE-2016-3670 Stored Cross Site Scripting in Liferay CE 1. Vulnerability Properties Title: Stored Cross-Site Scripting Liferay CE CVE ID: CVE-2016-3670 CVSSv3 Base Score: 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Vendor: Liferay Inc Products:...
Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
CVE-2016-3670 Stored Cross Site Scripting in Liferay CE 1. Vulnerability Properties Title: Stored Cross-Site Scripting Liferay CE CVE ID: CVE-2016-3670 CVSSv3 Base Score: 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Vendor: Liferay Inc Products: Liferay Advisory Release Date: 27 May 2016 Advisory URL:...
Liferay CE Stored Cross Site Scripting
Fernando Câmara @ Integrity S.A www.integrity.pt https://twitter.com/overflowy https://labs.integrity.pt/advisories/cve-2016-3670/ --- CVE-2016-3670 Stored Cross Site Scripting in Liferay CE 1. Vulnerability Properties Title: Stored Cross-Site Scripting Liferay CE CVE ID: CVE-2016-3670 CVSSv3 Bas...