[LPE-3208] XSS issue in the Navigation portlet - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.1 EE SP5 (5.1.8), 5.2 EE SP4 (5.2.8) , 6.0 CE (6.0.5)
Fix Version/s: 5.1 EE SP5 (5.1.8), 5.2 EE SP4 (5.2.8) , 6.0 EE (6.0.10)
Component/s: Application Security, WCM > Navigation
Labels:
None

Description

A cross site scripting (XSS) vulnerability exist with the page titles and URL in the Navigation portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

Attachments

Issue Links

is related to

LPS-12272 Navigation portlet is vulnerable to XSS

Closed

Activity

People

Assignee:: Sophia Zhang

Reporter:: Samuel Kong

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Sep/10 6:26 AM

Updated:: 09/Dec/16 12:50 PM

Resolved:: 28/Sep/10 10:37 PM

Packages

Version	Package
5.1 EE SP5 (5.1.8)
5.2 EE SP4 (5.2.8)
6.0 EE (6.0.10)