  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-1135

Malicious JavaScript can be inserted into the Enterprise Admin portlet

    Details

      Description

      A cross-site scripting (XSS) vulnerability exists in the name and job title fields of the Enterprise Admin portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

      To address this issue, names and job titles are now escaped before they are displayed on a page.

              People

              Assignee:
              wesley.gong Wesley Gong
              Reporter:
              wesley.gong Wesley Gong

                  Packages

                  Version Package
                  5.1 EE SP3 (5.1.6)