From jira-events at lists.jboss.org Thu May 2 04:04:54 2013 Content-Type: multipart/mixed; boundary="===============7007783601742390023==" MIME-Version: 1.0 From: Minh Hoang TO (JIRA) To: gatein-issues at lists.jboss.org Subject: [gatein-issues] [JBoss JIRA] (GTNPORTAL-2974) XSS vunerability on user 's job title Date: Thu, 02 May 2013 04:04:54 -0400 Message-ID: In-Reply-To: JIRA.12490948.1367481743000@jira02.app.mwc.hst.phx2.redhat.com --===============7007783601742390023== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ https://issues.jboss.org/browse/GTNPORTAL-2974?page=3Dcom.atlassian.j= ira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D127715= 14#comment-12771514 ] = Minh Hoang TO commented on GTNPORTAL-2974: ------------------------------------------ Back port issue of https://jira.exoplatform.org/browse/EXOGTN-1340 = > XSS vunerability on user 's job title > ------------------------------------- > > Key: GTNPORTAL-2974 > URL: https://issues.jboss.org/browse/GTNPORTAL-2974 > Project: GateIn Portal > Issue Type: Bug > Security Level: Public(Everyone can see) = > Reporter: Minh Hoang TO > > While creating a new user with job title taking the value '', the value of this user profile attribute is not encoded befo= re being persisted into database. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrato= rs For more information on JIRA, see: http://www.atlassian.com/software/jira --===============7007783601742390023==--