Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-1131

Malicious JavaScript can be inserted into the Directory portlet

    Details

      Description

      A cross site scripting (XSS) vulnerability exist with the job title field in the Directory portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

      To address this issue, job titles are now escaped before they are displayed on a page.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              wesley.gong Wesley Gong
              Reporter:
              wesley.gong Wesley Gong
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  5.2 EE SP1 (5.2.5)