Details

      Description

      In /html/portlet/layouts_admin/add_layout.jsp the randomNamespace parameter is taken from the request parameter and used in the call to Liferay.Dockbar.AddPage without being escaped. While this jsp cannot be called directly from the UI, this XSS vulnerability could potentially allow a malicious script to be run.

        Attachments

          Activity

            People

            • Assignee:
              gregory.bretall Gregory Bretall (Inactive)
              Reporter:
              EnterpriseReleaseHU Enterprise Release HU
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                6.2.X EE