- Type: Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
- Fix Version/s: 6.1.2 CE GA3, 6.1.30 EE GA3, 6.2.0 CE M4
- Environment: Tomcat 7 + MySQL 5. Portal 6.1.x GIT ID: 0c4e8b41040f17c26c1e7589729b0f18b98bace7.
  Tomcat 7 + MySQL 5. Portal 6.2.x GIT ID: 48a7c4c1c41473f02a27f554476c2ba257f3933a.
- Branch Version/s: 6.1.x
- Backported to Branch: Committed
- Git Pull Request:

Steps to reproduce
- Create a Custom Field for Users, in the Type drop down menu select Group of Text Values.
- Enter an XSS payload ("><script>alert('Custom Field Key');</script>) in the Default Value field.
- Save the Custom Field.
- Go to My Account and notice the popup window.

relates
- LPE-8175 XSS vulnerability with custom fields in My Account page (Closed)