[gatein-issues] [JBoss JIRA] (GTNPORTAL-2940) XSS attack on Display Name of registration form
Hai Nguyen (JIRA)
jira-events at lists.jboss.org
Sun Apr 21 22:51:25 EDT 2013
[ https://issues.jboss.org/browse/GTNPORTAL-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hai Nguyen updated GTNPORTAL-2940:
----------------------------------
Affects Version/s: 3.6.0.Beta01
> XSS attack on Display Name of registration form
> -----------------------------------------------
>
> Key: GTNPORTAL-2940
> URL: https://issues.jboss.org/browse/GTNPORTAL-2940
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 3.6.0.Beta01
> Reporter: Hai Nguyen
> Assignee: Hai Nguyen
>
> When the Display Name of a user contains a script, it's executed when going to the Dashboard (the logo portlet contains the user's display name).
> Steps to check:
> * Register a new user whose display name is "<script>alert('test')</script>"
> * Log in as the new user
> * Go to the Dashboard
> Problem: an alert popup is shown.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
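An added example, not GateIn's own code, of the class of bug the report describes: a stored display name written into HTML without encoding, beside a version that encodes it at the point of output. The class and method names are hypothetical, and the hand-written encoder stands in for whatever escaping facility the portal's templates provide.

```java
// Added illustration; class and method names are hypothetical, not GateIn code.
public class DisplayNameRendering {

    // Encode the five characters that are significant in HTML text and
    // quoted attribute values, so user data cannot open or close markup.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the stored display name is concatenated into the page as-is.
    static String renderUnsafe(String displayName) {
        return "<span class=\"name\">" + displayName + "</span>";
    }

    // After: the display name is encoded where it is written into HTML.
    static String renderSafe(String displayName) {
        return "<span class=\"name\">" + escapeHtml(displayName) + "</span>";
    }

    public static void main(String[] args) {
        // Display name taken from the report's reproduction steps.
        String name = "<script>alert('test')</script>";
        System.out.println(renderUnsafe(name)); // markup reaches the browser intact
        System.out.println(renderSafe(name));   // shown to the user as plain text
        // Constructed sample: a legitimate name containing markup characters.
        System.out.println(renderSafe("O'Brien & Sons <admin>"));
    }
}
```

Encoding at output, rather than rejecting characters at registration, keeps names such as O'Brien valid and also covers display names that were stored before the fix.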