Hai Nguyen created GTNPORTAL-2921: ------------------------------------- Summary: Groups administration's Add Group got XSS vulnerability with the field Label Key: GTNPORTAL-2921 URL: https://issues.jboss.org/browse/GTNPORTAL-2921 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Hai Nguyen Assignee: Hai Nguyen * Steps to reproduce: # Admin user login to PLF # goto: Administration>Groups and roles # add a group with name *aaa*, put this script into the field *Label* {code} "/><script>alert("1000");</script><input value="a {code} # Logout # Go back to Administration>Groups and roles # Click to Edit his profile --> Script executed --> *it's a bug* -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira