Details

      Description

      In /html/portlet/layouts_admin/add_layout.jsp the randomNamespace parameter is taken from the request parameter and used in the call to Liferay.Dockbar.AddPage without being escaped. While this jsp cannot be called directly from the UI, this XSS vulnerability could potentially allow a malicious script to be run.

        Attachments

          Activity

            People

            Assignee:
            gregory.bretall Gregory Bretall (Inactive)
            Reporter:
            EnterpriseReleaseHU Enterprise Release HU
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                6.2.X EE