[gatein-issues] [JBoss JIRA] (GTNPORTAL-2974) XSS vunerability on user 's job title
[
https://issues.jboss.org/browse/GTNPORTAL-2974?page=com.atlassian.jira.pl...
]
Minh Hoang TO commented on GTNPORTAL-2974:
------------------------------------------
Back port issue of https://jira.exoplatform.org/browse/EXOGTN-1340
XSS vunerability on user 's job title
-------------------------------------
Key: GTNPORTAL-2974
URL: https://issues.jboss.org/browse/GTNPORTAL-2974
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Reporter: Minh Hoang TO
While creating a new user with job title taking the value
'<script>alert(12)</script>', the value of this user profile attribute
is not encoded before being persisted into database.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira