CVE-2016-3670: Liferay Portal Vulnerable to XSS in Profile Search Functionality

(updated )

Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay (before 7.0.0 CE RC1) allows remote attackers to inject arbitrary web script or HTML via the FirstName field.

References

Code Behaviors & Features

Detect and mitigate CVE-2016-3670 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →