Details
-
Bug
-
Resolution: Fixed
-
High
-
3.12, 3.12.1, 3.12.2, 3.12.3, 3.13, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.13.5, 4.0, 4.0.1, 4.0.2, 4.1
-
3.12
-
Description
The runportleterror.jsp contains an XSS attach vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly.