Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-61116

Stored XSS with user names in Social Networking Map

        Details

        • Type: Bug
        • Status: Closed
        • Resolution: Duplicate
        • Affects Version/s: 6.2.3 CE GA4
        • Fix Version/s: 6.2.3 CE GA4
        • Component/s: Social Networking
        • Labels:
          None

          Description

          A stored cross-site scripting (XSS) vulnerability exist with user names in the Social Networking's Map portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

            Attachments

              Activity

                People

                • Assignee:
                  samuel.kong Samuel Kong
                  Reporter:
                  samuel.kong Samuel Kong
                  Participants of an Issue:
                  Recent user:
                  Esther Sanz
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Days since last comment:
                    3 years, 24 weeks, 1 day ago