XSS issue in the Directory portlet

Affects versions

5.2 EE SP5 (5.2.9)

6.0 EE SP1 (6.0.11)

Fix versions

5.2 EE SP6 (5.2.10)

6.0 EE SP2 (6.0.12)

7.0 Fix Pack Version

None

7.1 Fix Pack Version

None

7.2 Fix Pack Version

None

7.3 Fix Pack Version

None

7.4 Fix Pack Version

None

CVE IDs

None

CVSS Base Score

None

CVSS Vector String

None

Labels

6.0_release_notes

Description

A cross site scripting (XSS) vulnerability exist with the user addresses in the Directory portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

Linked issues

is related to

LPSA-13879

XSS vulnerability

Activity

Show:

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details

Assignee

Mark Jin(Deactivated)

Reporter

Brian Chan

Priority

High

Components

Zendesk Support

Created December 10, 2010 at 10:16 AM

Updated December 21, 2022 at 11:37 AM

Resolved January 4, 2011 at 9:17 PM

Configure