portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Created: (JS2-656) Cross-Site Scripting (XSS) vulnerability
Date Fri, 02 Mar 2007 21:57:50 GMT
Cross-Site Scripting (XSS)  vulnerability
-----------------------------------------

                 Key: JS2-656
                 URL: https://issues.apache.org/jira/browse/JS2-656
             Project: Jetspeed 2
          Issue Type: Bug
          Components: Components Core
    Affects Versions: 2.1
            Reporter: Ate Douma
         Assigned To: Ate Douma
            Priority: Blocker
             Fix For: 2.1


A Cross-Site Scripting vulnerability was found for Jetspeed allowing anXXS Url attack like
the following:
  http://localhost:8080/jetspeed/portal/pages/default-page.psml/%22%3e%3cscript%3ealert(%27XSS%20test%27)%3c/script%3e
  

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message