Fixed
Details
Assignee: Mark Jin (Deactivated)
Reporter: Neil Jin (Deactivated)
Branch Version/s: 6.1.x
Backported to Branch: Committed
Fix Priority: 5
Priority: Medium
Created February 6, 2012 at 6:59 PM
Updated June 24, 2023 at 3:49 PM
Resolved July 9, 2012 at 1:43 AM
top_head.jsp has an unescaped URL, causing XSS
This can NOT be replicated with new browsers like Chrome 16, Firefox 9, or IE 9.
I replicated it with IE 6 through this URL:
http://127.0.0.1:8080/web/guest/home?p_auth=3XAquPjW&p_p_id=58&p_p_lifecycle=1&p_p_state="--></script><script>alert(/eG9BcV5Y/)</script>&p_p_mode=view&saveLastPath=0&_58_struts_action=/login/create_account
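The mitigation the ticket title points to, as an added example that is not part of the original report and not the project's own fix: HTML-escape the request URL before writing it into the page, and reject `p_p_state` values outside an allowlist. The class name, the helper names and the allowlist contents are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class ReflectedUrlEscape {
    // Assumed allowlist of window states for p_p_state (not taken from the ticket).
    static final Set<String> WINDOW_STATES = new HashSet<>(
        Arrays.asList("normal", "maximized", "minimized", "exclusive", "pop_up"));

    // Encode the characters that let a value break out of HTML text or attributes.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Return the raw value of one query parameter, or null if it is absent.
    static String queryParam(String url, String name) {
        int q = url.indexOf('?');
        if (q < 0) return null;
        for (String pair : url.substring(q + 1).split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals(name)) return pair.substring(eq + 1);
        }
        return null;
    }

    public static void main(String[] args) {
        // The URL exactly as written in the report above.
        String url = "http://127.0.0.1:8080/web/guest/home?p_auth=3XAquPjW&p_p_id=58"
            + "&p_p_lifecycle=1&p_p_state=\"--></script><script>alert(/eG9BcV5Y/)</script>"
            + "&p_p_mode=view&saveLastPath=0&_58_struts_action=/login/create_account";
        String state = queryParam(url, "p_p_state");
        System.out.println("p_p_state allowed: " + WINDOW_STATES.contains(state));
        System.out.println("escaped URL: " + escapeHtml(url));
    }
}
```

With the reported URL, the allowlist check fails and the escaped output contains no raw `<`, `>` or `"`, so the value can no longer close the surrounding markup.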