Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 4.1.1, 4.2
Affects Version/s: 3.12, 3.12.1, 3.12.2, 3.12.3, 3.13, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.13.5, 4.0, 4.0.1, 4.0.2, 4.1
Component/s: Dashboard & Gadgets
Labels:
- affects-server
- portlet
- security
- xss

Introduced in Version:
3.12
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The runportleterror.jsp contains an XSS attach vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Andreas Knecht (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Apr/2010 4:36 AM

Updated:: 27/Mar/2019 11:58 PM

Resolved:: 19/Apr/2010 4:18 AM