XSS issue in the Directory portlet

7.0 Fix Pack Version

None

7.1 Fix Pack Version

None

7.2 Fix Pack Version

None

7.3 Fix Pack Version

None

7.4 Fix Pack Version

None

CVE IDs

CVSS Base Score

CVSS Vector String

Description

A cross site scripting (XSS) vulnerability exist with the user addresses in the Directory portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

is related to

Activity

Show:
Rafaela Nascimento
updated the LabelsDecember 21, 2022 at 11:37 AM
None
6.0_release_notes
Nicole
changed the StatusDecember 9, 2016 at 2:06 PM
Resolved
Closed
Nicole
updated the Security LevelDecember 9, 2016 at 2:06 PM
Private
None
Randy Zhu
updated the WorkflowJune 17, 2013 at 5:20 PM
Liferay Workflow 2.2
SHARED - Liferay Workflow 2.2
Mark Jin
changed the StatusJanuary 4, 2011 at 9:17 PM
Manual Testing
Resolved
Mark Jin
updated the ResolutionJanuary 4, 2011 at 9:17 PM
None
Fixed
Mark Jin
changed the AssigneeJanuary 4, 2011 at 8:09 PM
Samuel Kong
Mark Jin
Michael Saechang
changed the StatusJanuary 4, 2011 at 3:27 PM
In Review
Manual Testing
Samuel Kong
changed the StatusDecember 28, 2010 at 12:39 AM
In Progress
In Review
Samuel Kong
changed the StatusDecember 28, 2010 at 12:39 AM
Open
In Progress
Samuel Kong
updated the ComponentsDecember 28, 2010 at 12:39 AM
None
Portlet - Directory
Samuel Kong
updated the DescriptionDecember 28, 2010 at 12:39 AM
A cross site scripting (XSS) vulnerability exist with the user addresses page in the Control Panel. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.
A cross site scripting (XSS) vulnerability exist with the user addresses in the Directory portlet. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.
Samuel Kong
updated the SummaryDecember 28, 2010 at 12:39 AM
XSS issue in the user addresses page in the Control Panel
XSS issue in the Directory portlet
Samuel Kong
updated the ComponentsDecember 28, 2010 at 12:39 AM
Control Panel
None
Brian Chan
updated the Linked IssuesDecember 10, 2010 at 10:17 AM
None
This issue is related to LPS-11506
Brian Chan
created the IssueDecember 10, 2010 at 10:16 AM
Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Priority

Zendesk Support

Created December 10, 2010 at 10:16 AM
Updated December 21, 2022 at 11:37 AM
Resolved January 4, 2011 at 9:17 PM