- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 6.2 EE GA1 (6.2.10)
- Fix Version/s: 6.2.X EE
- Component/s: WCM > Sites Management > Site Administration

In /html/portlet/layouts_admin/add_layout.jsp, the randomNamespace value is read from the request parameter and used in the call to Liferay.Dockbar.AddPage without being escaped. While this JSP cannot be called directly from the UI, this XSS vulnerability could potentially allow a malicious script to be run.
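
The following added example (not Liferay's code and not the fix that was shipped) shows why a request parameter placed inside a quoted JavaScript string must be encoded for that context. The shape of the `Liferay.Dockbar.AddPage` call, the `escapeJs` and `isValidNamespace` helpers, the assumed namespace format and the sample parameter value are all assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added illustration, not Liferay source; script shape and helper names are assumed.
public class RandomNamespaceEscaping {

    // Assumed format of a legitimate namespace value: identifier characters only.
    private static final Pattern NAMESPACE = Pattern.compile("[A-Za-z0-9_]{1,64}");

    static boolean isValidNamespace(String value) {
        return value != null && NAMESPACE.matcher(value).matches();
    }

    // Encode for a quoted JavaScript string literal: anything outside
    // [A-Za-z0-9_] is written as a four-digit hex Unicode escape, so the value
    // cannot close the literal or the enclosing script element.
    static String escapeJs(String value) {
        StringBuilder sb = new StringBuilder(value.length() * 2);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '_';
            if (safe) {
                sb.append(c);
            } else {
                sb.append(String.format("\\u%04x", (int) c));
            }
        }
        return sb.toString();
    }

    // Hypothetical rendering of the inline script emitted by the JSP.
    static String renderScript(String namespace) {
        return "new Liferay.Dockbar.AddPage({namespace: '" + namespace + "'});";
    }

    public static void main(String[] args) {
        // Constructed request parameter value containing a quote character.
        String randomNamespace = "ns_'});console.log('injected');//";

        System.out.println("unescaped: " + renderScript(randomNamespace));
        System.out.println("escaped:   " + renderScript(escapeJs(randomNamespace)));
        System.out.println("valid?     " + isValidNamespace(randomNamespace));
    }
}
```

In the unescaped output the quote in the parameter ends the string literal and the remainder is parsed as script; in the escaped output the whole value stays inside the literal, and the allow-list check rejects it before rendering.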