Posted by Fernando Camara on Jun 01
Fernando Câmara @ Integrity S.A
www.integrity.pt
https://twitter.com/overflowy
https://labs.integrity.pt/advisories/cve-2016-3670/
—
CVE-2016-3670 Stored Cross Site Scripting in Liferay CE
1. Vulnerability Properties
Title: Stored Cross-Site Scripting Liferay CE
CVE ID: CVE-2016-3670
CVSSv3 Base Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Vendor: Liferay Inc
Products: Liferay
Advisory Release Date: 27 May 2016
Advisory URL:…