[
https://issues.jboss.org/browse/GTNPORTAL-2974?page=com.atlassian.jira.pl...
]
Trong Tran resolved GTNPORTAL-2974.
-----------------------------------
Resolution: Won't Fix
We should not persist the encoded value into the database.
It must be encoded when displayed, corresponding to the client type (the browser, for
instance).
XSS vulnerability on user's job title
-------------------------------------
Key: GTNPORTAL-2974
URL: https://issues.jboss.org/browse/GTNPORTAL-2974
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Reporter: Minh Hoang TO
While creating a new user with job title taking the value
'<script>alert(12)</script>', the value of this user profile attribute
is not encoded before being persisted into database.
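The trade-off behind the resolution, as an added example that is not GateIn code: the same job title is stored raw or HTML-encoded, then rendered for three client types. `ProfileStore`, the `render_*` functions, `views` and the sample values are hypothetical and constructed for illustration.

```python
import html
import json

# Constructed sample values: the job title from the report and a benign one.
PAYLOAD = "<script>alert(12)</script>"
BENIGN = "R&D Lead"


class ProfileStore:
    """Hypothetical in-memory stand-in for the user-profile table."""

    def __init__(self, encode_on_write):
        self.encode_on_write = encode_on_write
        self.rows = {}

    def save(self, user, job_title):
        # encode_on_write=True models persisting the HTML-encoded value.
        self.rows[user] = html.escape(job_title) if self.encode_on_write else job_title

    def load(self, user):
        return self.rows[user]


def render_html(job_title):
    # Browser client: HTML-escape at display time (&, <, >, quotes).
    return "<td>" + html.escape(job_title, quote=True) + "</td>"


def render_json(job_title):
    # API client: JSON string escaping; '<' is also escaped so the document
    # stays inert if it is ever inlined into a <script> block.
    return json.dumps({"jobTitle": job_title}).replace("<", "\\u003c")


def render_text(job_title):
    # Plain-text client (for example a mail notification): nothing to escape.
    return "Job title: " + job_title


def views(encode_on_write, job_title):
    """Store one title, then return its (HTML, JSON, plain-text) renderings."""
    store = ProfileStore(encode_on_write)
    store.save("u1", job_title)
    value = store.load("u1")
    return render_html(value), render_json(value), render_text(value)


if __name__ == "__main__":
    for flag in (False, True):
        for title in (PAYLOAD, BENIGN):
            print(flag, views(flag, title))
```

With raw storage every view is inert and faithful; with encode-on-write the HTML view double-encodes (`R&amp;amp;D Lead`) and the JSON and plain-text clients receive HTML entities they never asked for.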