Lucene search
Veracode Vulnerability DatabaseVERACODE:25558HistoryJun 02, 2020 - 6:08 a.m.
Cross-Site Scripting (XSS)
2020-06-0206:08:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
EPSS
0.079
Percentile
94.3%
com.liferay.portal.search.web is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the curUserName parameter.
References
packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2016/Jun/5
www.securitytracker.com/id/1036083
github.com/liferay/liferay-portal/commit/b7ce087039f3b753f36f558df5faefac4ad4b160
issues.liferay.com/browse/LPS-62387
labs.integrity.pt/advisories/cve-2016-3670/
www.exploit-db.com/exploits/39880
www.exploit-db.com/exploits/39880/
Related
exploitpack
exploitpack
Liferay CE 6.2 CE GA6 - Persistent Cross-Site Scripting
2016-06-02 00:00:00
zdt
zdt
Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
2016-06-02 00:00:00
cvelist
cvelist
CVE-2016-3670
2016-06-13 14:00:00
prion
prion
Cross site scripting
2016-06-13 14:59:00
cve
cve
CVE-2016-3670
2016-06-13 14:59:03
packetstorm
packetstorm
Liferay CE Stored Cross Site Scripting
2016-06-01 00:00:00
exploitdb
exploitdb
Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
2016-06-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Liferay Portal User Account Stored Cross Site Scripting (CVE-2016-3670)
2016-06-22 00:00:00
openvas
openvas
Liferay Stored XSS Vulnerability
2016-08-01 00:00:00
nvd
nvd
CVE-2016-3670
2016-06-13 14:59:03