-
Type:
Bug
-
Resolution: Fixed
-
Priority:
High
-
Affects Version/s: 3.12, 3.12.1, 3.12.2, 3.12.3, 3.13, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.13.5, 4.0, 4.0.1, 4.0.2, 4.1
-
Component/s: Dashboard & Gadgets
-
3.12
The runportleterror.jsp contains an XSS attach vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly.