[JS2-656] Cross-Site Scripting (XSS) vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.1
Fix Version/s: 2.1
Component/s: Components Core
Labels:
None

Description

A Cross-Site Scripting vulnerability was found for Jetspeed allowing anXXS Url attack like the following:
http://localhost:8080/jetspeed/portal/pages/default-page.psml/%22%3e%3cscript%3ealert(%27XSS%20test%27)%3c/script%3e

Attachments

Activity

People

Assignee:: Ate Douma

Reporter:: Ate Douma

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Mar/07 21:56

Updated:: 04/Oct/11 21:38

Resolved:: 02/Mar/07 22:08