[LPE-1661] Malicious JavaScript can be inserted into the Plugins Configuration section of Control Panel - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.1 EE SP4 (5.1.7), 5.2 EE SP2 (5.2.6)
Fix Version/s: 5.1 EE SP5 (5.1.8), 5.2 EE SP3 (5.2.7)
Component/s: Application Security, Legacy > Control Panel menu, Legacy > Enterprise Admin
Labels:
None
Environment:
All

Description

A cross site scripting (XSS) vulnerability exist which allow an attacker to insert malicious JavaScript into the Plugins Configuration section of Control Panel (or the Plugins of Enterprise Admin portlet in 5.1.7).

Attachments

Issue Links

is related to

LPS-6034 Malicious JavaScript can be inserted into the Plugins Configuration section of Control Panel

Closed

Activity

People

Assignee:: Kristoffer Onias

Reporter:: Samuel Kong

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Nov/09 4:58 AM

Updated:: 09/Dec/16 12:44 PM

Resolved:: 08/Jan/10 3:07 PM

Packages

Version	Package
5.1 EE SP5 (5.1.8)
5.2 EE SP3 (5.2.7)