[gatein-issues] [JBoss JIRA] Created: (GTNPORTAL-1858) XSS issue in dashboard new page creation
Thomas Heute (JIRA)
jira-events at lists.jboss.org
Wed Apr 13 05:46:33 EDT 2011
XSS issue in dashboard new page creation
----------------------------------------
Key: GTNPORTAL-1858
URL: https://issues.jboss.org/browse/GTNPORTAL-1858
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Thomas Heute
Assignee: Thomas Heute
Fix For: 3.2.0-GA
This issue has two subdivisions:
1. Basic page add
Log in.
Click on dashboard; in the "on page editor", click on the "plus" button to add a new page and set "<script>alert('hi');</script>" as its name.
The JavaScript is now invoked.
2. Advanced page add
Log in, go to dashboard.
Click dashboard editor -> add new page.
Put "whatever" as the node name and "<script>alert('hi');</script>" as the node description.
Click next, next.
The JavaScript is invoked.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
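
The two cases in the report above, shown as an added example that is not part of the original message and is not GateIn source code: a page name and a node description rendered without and with HTML output encoding. The class name, the helper names and the `<a class="tab">` markup are hypothetical, and unencoded concatenation is an assumed cause, since the report does not show the rendering code.

```java
// Added example: hypothetical rendering helpers, not taken from GateIn.
public class PageLabelEncoding {

    /** Encode text for use in an HTML element body or a quoted attribute value. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Assumed cause: user-supplied values are concatenated into markup as-is.
    static String renderTabUnsafe(String name, String description) {
        return "<a class=\"tab\" title=\"" + description + "\">" + name + "</a>";
    }

    // Hardened form: both fields are encoded at the point of output.
    static String renderTabSafe(String name, String description) {
        return "<a class=\"tab\" title=\"" + escapeHtml(description) + "\">"
                + escapeHtml(name) + "</a>";
    }

    public static void main(String[] args) {
        String payload = "<script>alert('hi');</script>"; // value quoted in the report
        // Case 1 (basic page add): payload as the page name.
        // Case 2 (advanced page add): payload as the node description.
        String[][] cases = { { payload, "" }, { "whatever", payload } };
        for (String[] c : cases) {
            String safe = renderTabSafe(c[0], c[1]);
            System.out.println("unsafe: " + renderTabUnsafe(c[0], c[1]));
            System.out.println("safe:   " + safe);
            // Regression check: no raw tag from user input may survive encoding.
            if (safe.contains("<script")) throw new AssertionError("unencoded markup in output");
        }
    }
}
```

The same two inputs can be kept as a regression test for the fix, once against the page name field and once against the node description field.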