[gatein-issues] [JBoss JIRA] (GTNPORTAL-2412) [XSS] initialURI parameter is vulnerable to script injection

Thursday, 12 April 2012



     [
https://issues.jboss.org/browse/GTNPORTAL-2412?page=com.atlassian.jira.pl...
]

kien nguyen reassigned GTNPORTAL-2412:
--------------------------------------

    Assignee: kien nguyen

    
...
 [XSS] initialURI parameter is vulnerable to script injection
 ------------------------------------------------------------

                 Key: GTNPORTAL-2412
                 URL: https://issues.jboss.org/browse/GTNPORTAL-2412
             Project: GateIn Portal
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
            Reporter: kien nguyen
            Assignee: kien nguyen
             Fix For: 3.3.0.CR01

         Attachments: XSS.png


 *Step to reproduces:
 Paste this attack vector into address bar & hit Enter

http://plf-3.5.3-snapshot.acceptance.exoplatform.org/portal/j_security_ch...
 >>> result: pop-up shown (see attachment) 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[gatein-issues] [JBoss JIRA] (GTNPORTAL-2412) [XSS] initialURI parameter is vulnerable to script injection