[LPS-44694] Steps to prevent XSS vulnerablity in liferay 6.1.0. - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Won't Fix
Affects Version/s: 6.1.1 CE GA2
Fix Version/s: 6.1.X EE, 6.2.X EE, 7.0.0 M3
Component/s: Dev Tools, Dev Tools > Plugins SDK
Labels:

Description

How to prevent the XSS vulnerability in Liferay 6.1.0?

While using our customized registration portlet - we have submit the form - but default quetystring like p_p_id ,p_p_view would visible to the user. If the user will give the javascript tags in the param value to the p_p_view , it accepts the param.

how to solve the issue?

Attachments

Activity

People

Assignee:: Michael Saechang

Reporter:: vikneswaran (Inactive)

Participants of an Issue:: Michael Saechang, vikneswaran

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 28/Feb/14 2:45 AM

Updated:: 22/Jul/14 3:15 PM

Resolved:: 22/Jul/14 3:15 PM

Days since last comment:: 7 years, 20 weeks, 4 days ago

Packages

Version	Package
6.1.X EE
6.2.X EE
7.0.0 M3