From jira-events at lists.jboss.org Thu May  2 04:02:53 2013
Content-Type: multipart/mixed; boundary="===============7197060387325684561=="
MIME-Version: 1.0
From: Minh Hoang TO (JIRA) <jira-events at lists.jboss.org>
To: gatein-issues at lists.jboss.org
Subject: [gatein-issues] [JBoss JIRA] (GTNPORTAL-2974) XSS vunerability on
 user 's job title
Date: Thu, 02 May 2013 04:02:53 -0400
Message-ID: <JIRA.12490948.1367481743641.30212.1367481773457@jira02.app.mwc.hst.phx2.redhat.com>
In-Reply-To: JIRA.12490948.1367481743641@jira02.app.mwc.hst.phx2.redhat.com

--===============7197060387325684561==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Minh Hoang TO created GTNPORTAL-2974:
----------------------------------------

             Summary: XSS vunerability on user 's job title
                 Key: GTNPORTAL-2974
                 URL: https://issues.jboss.org/browse/GTNPORTAL-2974
             Project: GateIn Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
            Reporter: Minh Hoang TO


While creating a new user with job title taking the value '<script>alert(12=
)</script>', the value of this user profile attribute is not encoded before=
 being persisted into database.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrato=
rs
For more information on JIRA, see: http://www.atlassian.com/software/jira

--===============7197060387325684561==--