Posted by Fernando Camara on Jun 01

Fernando Câmara @ Integrity S.A
www.integrity.pt
https://twitter.com/overflowy

https://labs.integrity.pt/advisories/cve-2016-3670/

—

CVE-2016-3670 Stored Cross Site Scripting in Liferay CE

1. Vulnerability Properties

Title: Stored Cross-Site Scripting Liferay CE
CVE ID: CVE-2016-3670
CVSSv3 Base Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Vendor: Liferay Inc
Products: Liferay
Advisory Release Date: 27 May 2016
Advisory URL:…