[LPS-11979] XXS vulnerability in asset publisher - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 6.0.4 GA, 6.0.5 GA
Fix Version/s: 6.0.4 GA, 6.0.5 GA
Component/s: Content Display Widgets > Asset Publisher widget
Labels:
None

Description

When displaying abstracts and contents in Asset Publisher, several fields of several asset types display unescaped information, allowing XSS atacks.

Attachments

Activity

People

Assignee:: Alberto Montero

Reporter:: Alberto Montero

Participants of an Issue:: Alberto Montero, Urvancev Andrey

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 11/Aug/10 4:41 AM

Updated:: 16/Aug/10 3:33 PM

Resolved:: 11/Aug/10 9:34 AM

Days since last comment:: 11 years, 48 weeks, 5 days ago

Packages

Version	Package
6.0.4 GA
6.0.5 GA