Liferay Enterprise Portal Remote Conduct Cross-Site Scripting Vulnerability.(LPS-62387)

Liferay makes software that helps companies create digital experiences on web, mobile and connected devices.

Liferay is vulnerable to a stored XSS when an user is created with an malicious payload on the FirstName field.

Affected Version
Liferay Enterprise Portal prior to 6.2 CE GA6

On successful exploitation a remote user can conduct cross-site scripting attacks.

Vendor has released update to address this vulnerability. Update to version 7.0.0 CE RC1.
Refer to vendor advisory LPS-62387 to obtain additional information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

LPS-62387