Hai Nguyen created GTNPORTAL-2940: ------------------------------------- Summary: XSS attack on Display Name of registration form Key: GTNPORTAL-2940 URL: https://issues.jboss.org/browse/GTNPORTAL-2940 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Hai Nguyen When Display Name of an user contains script, it's executed when going to Dashboard. (logo portlet contains user's display name) Steps to check: * Register new user with display name is "<script>alert('test')</script>" * Login as new user * Go to Dashboard Problem: alert popup is shown. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira