Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-44694

Steps to prevent XSS vulnerablity in liferay 6.1.0.

    Details

      Description

      How to prevent the XSS vulnerability in Liferay 6.1.0?

      While using our customized registration portlet - we have submit the form - but default quetystring like p_p_id ,p_p_view would visible to the user. If the user will give the javascript tags in the param value to the p_p_view , it accepts the param.

      how to solve the issue?

        Attachments

          Activity

            People

            Assignee:
            michael.saechang Michael Saechang
            Reporter:
            vikneswaran vikneswaran (Inactive)
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              7 years, 20 weeks, 4 days ago

                Packages

                Version Package
                6.1.X EE
                6.2.X EE
                7.0.0 M3