CVE-2016-3670
Liferay Portal Vulnerable to XSS in Profile Search Functionality
Severity: 6.1 MEDIUM (CVSS 3.1), EPSS 9.3%
Description
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay (before 7.0.0 CE RC1) allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
How to fix CVE-2016-3670
To remediate CVE-2016-3670, upgrade the affected package to a fixed version below.
- Upgrade to 1.0.3 or later
Is CVE-2016-3670 being exploited?
Moderate — EPSS is 9.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |