[LPE-1245] Malicious JavaScript can be inserted into the quick note portlet - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.1 EE SP3 (5.1.6), 5.2 EE SP1 (5.2.5)
Fix Version/s: 5.1 EE SP4 (5.1.7), 5.2 EE SP2 (5.2.6)
Component/s: Application Security, Util > Quick Note
Labels:
None
Environment:
All

Description

A cross site scripting (XSS) vulnerability exists with display field in the quick note portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page. To address this issue display field is escaped before text is displayed.

Attachments

Issue Links

is related to

LPS-4340 Malicious javascript can be inserted into the quick note portlet

Closed

Activity

People

Assignee:: Wesley Gong

Reporter:: Wesley Gong

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 31/Jul/09 6:24 PM

Updated:: 09/Dec/16 12:43 PM

Resolved:: 09/Jun/10 1:59 AM

Packages

Version	Package
5.1 EE SP4 (5.1.7)
5.2 EE SP2 (5.2.6)