CVE-2016-3670

6.1 MEDIUM

Published: June 13, 2016 Modified: May 06, 2026

Description

Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2016/Jun/5

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id/1036083

Source: cve@mitre.org

https://issues.liferay.com/browse/LPS-62387

Source: cve@mitre.org

Vendor Advisory

https://labs.integrity.pt/advisories/cve-2016-3670/

Source: cve@mitre.org

Exploit

https://www.exploit-db.com/exploits/39880/

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html