Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-842

Renaming a navigation item or a portlet title gives the impression of a XSS vulnerability

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Trivial
    • Resolution: Fixed
    • 5.1 EE SP1 (5.1.4)
    • 5.1 EE SP2 (5.1.5)
    • None
    • None
    • All

    Description

      Renaming a navigation item or a portlet title may give the impression of a XSS vulnerability. There's actually no XSS vulnerability because the entered JavaScript is only executed by the user who actually entered the JavaScript and if the page hasn't been refreshed. The JavaScript is escaped for all other users.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LPS-366 An attacker can enter and execute malicious scripts in application

          • Closed

          Activity

            People

              support-ee EE Support
              samuel.kong Samuel Kong
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Packages

                  Version Package
                  5.1 EE SP2 (5.1.5)