[gatein-issues] [JBoss JIRA] (GTNPORTAL-2412) [XSS] initialURI parameter is vulnerable to script injection

Tuesday, 4 September 2012



     [
https://issues.jboss.org/browse/GTNPORTAL-2412?page=com.atlassian.jira.pl...
]

kien nguyen resolved GTNPORTAL-2412.
------------------------------------

    Resolution: Done

    
...
 [XSS] initialURI parameter is vulnerable to script injection
 ------------------------------------------------------------

                 Key: GTNPORTAL-2412
                 URL: https://issues.jboss.org/browse/GTNPORTAL-2412
             Project: GateIn Portal
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
            Reporter: kien nguyen
            Assignee: kien nguyen
              Labels: portal-s68
             Fix For: 3.4.0.Final

         Attachments: XSS.png


 *Step to reproduces:
 Paste this attack vector into address bar & hit Enter

http://plf-3.5.3-snapshot.acceptance.exoplatform.org/portal/j_security_ch...
 >>> result: pop-up shown (see attachment) 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[gatein-issues] [JBoss JIRA] (GTNPORTAL-2412) [XSS] initialURI parameter is vulnerable to script injection