[LPE-4977] XSS issue in the "Return to Full Page" link - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.2 EE SP5 (5.2.9) , 6.0 EE SP1 (6.0.11)
Fix Version/s: 5.2 EE SP6 (5.2.10), 6.0 EE SP2 (6.0.12)
Component/s: Application Security, Themes
Labels:
None

Description

A cross site scripting (XSS) vulnerability exist with a portlet's "Return to Full Page" link. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

Attachments

Issue Links

is related to

LPS-16963 XSS issue in "Return to Full Page" link

Closed

Activity

People

Assignee:: EE Support

Reporter:: Samuel Kong

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 05/May/11 12:38 AM

Updated:: 09/Dec/16 1:06 PM

Resolved:: 05/May/11 12:40 AM

Packages

Version	Package
5.2 EE SP6 (5.2.10)
6.0 EE SP2 (6.0.12)