8 lines
No EOL
506 B
Text
8 lines
No EOL
506 B
Text
source: https://www.securityfocus.com/bid/10402/info
|
|
|
|
It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data from many input fields is included in server generated content without appropriate validation/encoding. This may allow for typical cross-site scripting attacks against other users of the portal.
|
|
|
|
|
|
Test:
|
|
Add a message with subject <script>history.go(-1)</script>
|
|
Now, no user can see message board. |