  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-960

Phishing + XSS vulnerability with "Return to Full Page" link

    Details

      Description

      An XSS vulnerability exists with the "Return to Full Page" link if it's combined with a phishing attack.

      To patch a theme, replace the following line in portlet.vm

      #set ($portlet_back_url = $portlet_display.getURLBack())

      with

      #set ($portlet_back_url = $htmlUtil.escape($portlet_display.getURLBack()))
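      To apply the replacement above across many themes, the following added example (not part of the original issue and not Liferay code) finds every portlet.vm under a directory and rewrites the unescaped assignment. The function names, the directory walk and the .bak backup naming are assumptions of this sketch.

```python
import re
import sys
from pathlib import Path

# The unescaped assignment quoted in the issue, tolerant of spacing differences.
# An already patched line does not match, so the rewrite is idempotent.
UNESCAPED = re.compile(
    r"(#set\s*\(\s*\$portlet_back_url\s*=\s*)"
    r"(\$portlet_display\.getURLBack\(\))"
    r"(\s*\))"
)


def patch_template(text):
    """Wrap getURLBack() in $htmlUtil.escape(); return (new_text, lines_changed)."""
    return UNESCAPED.subn(r"\1$htmlUtil.escape(\2)\3", text)


def patch_themes(root, dry_run=True):
    """Return the portlet.vm files under root that still carry the unescaped line.

    With dry_run=False each of those files is rewritten in place and the
    original is kept next to it as portlet.vm.bak (hypothetical naming).
    """
    hits = []
    for path in sorted(Path(root).rglob("portlet.vm")):
        original = path.read_text(encoding="utf-8")
        patched, count = patch_template(original)
        if not count:
            continue
        hits.append(path)
        if not dry_run:
            path.with_name(path.name + ".bak").write_text(original, encoding="utf-8")
            path.write_text(patched, encoding="utf-8")
    return hits


if __name__ == "__main__":
    # Usage: python patch_portlet_vm.py <themes-dir> [--apply]
    if len(sys.argv) < 2:
        sys.exit("usage: patch_portlet_vm.py <themes-dir> [--apply]")
    apply_fix = "--apply" in sys.argv[2:]
    for hit in patch_themes(sys.argv[1], dry_run=not apply_fix):
        print(("patched " if apply_fix else "needs fix ") + str(hit))
```

      Run it without --apply first to list the affected themes; redeploy each patched theme afterwards.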

              People

              Assignee:
              support-ee EE Support
              Reporter:
              samuel.kong Samuel Kong

                  Packages

                  Version Package
                  5.1 EE SP3 (5.1.6)
                  5.2 EE (5.2.4)