kien nguyen created GTNPORTAL-2412: -------------------------------------- Summary: [XSS] initialURI parameter is vulnerable to script injection Key: GTNPORTAL-2412 URL: https://issues.jboss.org/browse/GTNPORTAL-2412 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Reporter: kien nguyen Fix For: 3.3.0.CR01 Attachments: XSS.png *Step to reproduces: Paste this attack vector into address bar & hit Enter http://plf-3.5.3-snapshot.acceptance.exoplatform.org/portal/j_security_ch... -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira