[gatein-issues] [JBoss JIRA] (GTNPORTAL-2921) Groups administration's Add Group got XSS vulnerability with the field Label

Friday, 12 April 2013


Hai Nguyen created GTNPORTAL-2921:
-------------------------------------

             Summary: Groups administration's Add Group got XSS vulnerability with the
field Label
                 Key: GTNPORTAL-2921
                 URL: https://issues.jboss.org/browse/GTNPORTAL-2921
             Project: GateIn Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
            Reporter: Hai Nguyen
            Assignee: Hai Nguyen


* Steps to reproduce:
# Admin user login to PLF
# goto: Administration>Groups and roles
# add a group with name *aaa*, put this script into the field *Label*
{code}
"/><script>alert("1000");</script><input value="a
{code}
# Logout
# Go back to Administration>Groups and roles
# Click to Edit his profile --> Script executed
--> *it's a bug*

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[gatein-issues] [JBoss JIRA] (GTNPORTAL-2921) Groups administration's Add Group got XSS vulnerability with the field Label