[JBoss JIRA] Created: (GTNPORTAL-1830) Cross Site Scripting vulnerabilities in user forms
by Gary Hu (JIRA)
Cross Site Scripting vulnerabilities in user forms
--------------------------------------------------
Key: GTNPORTAL-1830
URL: https://issues.jboss.org/browse/GTNPORTAL-1830
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Gary Hu
A user can place HTML or JavaScript as their first or last name, causing a viewing user to execute said code. This may happen during user modification or in other actions. Other inputs may be vulnerable as well.
To reproduce this on the EPP 5.1 out of box installation:
1) login as root
2) go to "Users and groups management"
3) under "User Management" click the "Edit User Info" icon
4) In the "First Name" or "Last Name" field type in something like "<script>alert("hello");</script>".
5) click the "Save" button. The javascript is executed and a pop up shows up.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
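
The report above describes a stored name value being written back into the page without encoding. The following is an added example, not GateIn's code and not part of the original report: it shows that pattern next to output encoding for the two places a name appears (a list cell and the edit form's value attribute). The class and method names are hypothetical.

```java
public class UserNameEncoding {
    /** Encode a value for HTML element content and quoted attribute values. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Vulnerable pattern: the stored name is concatenated into markup as-is. */
    static String listCellUnsafe(String name) {
        return "<td>" + name + "</td>";
    }

    /** Hardened list cell: encode when writing the value into the page. */
    static String listCellSafe(String name) {
        return "<td>" + escapeHtml(name) + "</td>";
    }

    /** Hardened edit form field: the same value inside a quoted attribute. */
    static String editFieldSafe(String field, String value) {
        return "<input type=\"text\" name=\"" + escapeHtml(field)
             + "\" value=\"" + escapeHtml(value) + "\"/>";
    }

    public static void main(String[] args) {
        // First-name value taken from step 4 of the report.
        String firstName = "<script>alert(\"hello\");</script>";
        String safeCell = listCellSafe(firstName);
        String safeField = editFieldSafe("firstName", firstName);
        System.out.println("unsafe: " + listCellUnsafe(firstName));
        System.out.println("cell:   " + safeCell);
        System.out.println("field:  " + safeField);
        // Neither encoded form may still contain a script tag opener.
        if (safeCell.contains("<script") || safeField.contains("<script"))
            throw new IllegalStateException("markup from the name reached the page");
    }
}
```

Encoding at output time covers values already stored before any input validation was added, which matters here because the name is saved first and rendered later to other users.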
[JBoss JIRA] Created: (GTNPORTAL-1828) Translation of navigation elements not working for languages defined with country variant
by Martin Putz (JIRA)
Translation of navigation elements not working for languages defined with country variant
-----------------------------------------------------------------------------------------
Key: GTNPORTAL-1828
URL: https://issues.jboss.org/browse/GTNPORTAL-1828
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: User Interface, WebUI
Affects Versions: 3.1.0-GA
Reporter: Martin Putz
When I change the language setting in the web interface to "Simplified Chinese", only some items are translated, but others in the navigation bar and breadcrumbs portlet are still in English. Whereas when I tried the Japanese and Korean languages, the translation works quite well and all items are changed.
The same problem shows up in the 'Edit Navigation' function at Site or Group level.
The properties files for these languages are available, for instance:
gatein.ear/02portal.war/WEB-INF/classes/locale/navigation/portal/classic_zh.xml
This defect shows up for all languages defined with country variant, such as 'zh_TW' or 'pt_BR'.
[JBoss JIRA] Created: (GTNWSRP-202) Producer configuration - error message for test policy
by Michal Vanco (JIRA)
Producer configuration - error message for test policy
------------------------------------------------------
Key: GTNWSRP-202
URL: https://issues.jboss.org/browse/GTNWSRP-202
Project: GateIn WSRP
Issue Type: Bug
Components: Producer
Environment: Gatein wsrp-extraction branch (from 2/18)
Reporter: Michal Vanco
Assignee: Chris Laprun
Fix For: 2.0.1-GA
There is an error like:
Couldn't register with producer 'selfv2' Could not register consumer named 'mvanco-laptop WSRP v2 version' Cause: Requires a non-null, non-empty identity
when creating a new consumer for a producer where I set TestRegistrationPolicy.
Is this the correct error? Can you please verify what's happening with this test policy (that's the same as you have in the test folder in producer-lib)?
To reproduce:
- copy attached jar to deploy folder (contains policy)
- set policy on producer to: org.gatein.test.wsrp.TestRegistrationPolicy
- create new consumer
Note: you can also verify with 1 instance and self producer/consumer