Shiva Iyer
Cross site scripting in 6.1.0 navigation.vm
2013/02/28 14:41
Rank: New Member

Posts: 2

Joined: 2013/02/28

Hello,

For my project we are using Liferay 6.1.0 and we have created our custom theme. The security team ran a check and found cross-site scripting in the navigation.vm file.

In navigation.vm we have the code below:

<a href="$nav_item.getURL()" $nav_item.getTarget()><span>$nav_item.icon() $nav_item.getName()</span></a>

The Security tool was able to modify the above href URL as below ...

<a href="http://<script>alert(document.domain)</script>/...

Can anyone please help me solve this issue?

Regards,
Shiva
Hitoshi Ozawa
RE: Cross site scripting in 6.1.0 navigation.vm
2013/02/28 16:17
Rank: Liferay Legend

Posts: 7954

Joined: 2010/03/23

Go to the community security page and get the security patch.

http://www.liferay.com/community/security-team/known-vulnerabilities
Shiva Iyer
RE: Cross site scripting in 6.1.0 navigation.vm
2013/03/01 10:43
Rank: New Member

Posts: 2

Joined: 2013/02/28

Hello Hitoshi,

Thanks for taking your valuable time to reply to my post.

Regards,
Shiva
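
The template line in the first post writes `$nav_item.getURL()` into a double-quoted `href` without encoding it. As an added example (not part of the thread, not Liferay code and not the referenced patch), this plain-Java class shows the two checks a renderer can apply to such a value before output: reject anything that is not a site-relative path or a well-formed http(s) URL, then HTML-encode what is written. All class and method names are hypothetical, and the inputs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration: plain Java, not Liferay code. All names are hypothetical.
public class NavLinkEncoding {

    // Encode characters that can close a quoted attribute value or open a tag.
    static String escapeHtml(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Allow site-relative paths and absolute http(s) URLs with a parsable host.
    // java.net.URI rejects characters such as '<' and '>' outright.
    static boolean isAllowedNavUrl(String url) {
        try {
            URI uri = new URI(url);
            String scheme = uri.getScheme();
            if (scheme == null) {
                return url.startsWith("/") && !url.startsWith("//");
            }
            boolean web = scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https");
            return web && uri.getHost() != null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Validate first, then encode for the HTML context the value lands in.
    static String renderNavLink(String url, String name) {
        String href = isAllowedNavUrl(url) ? url : "#";
        return "<a href=\"" + escapeHtml(href) + "\"><span>" + escapeHtml(name) + "</span></a>";
    }

    public static void main(String[] args) {
        // Constructed inputs; the second is the value shown in the scan result above.
        System.out.println(renderNavLink("/web/guest/home", "Home"));
        System.out.println(renderNavLink("http://<script>alert(document.domain)</script>/", "Home"));
    }
}
```

The original template also emits `$nav_item.getTarget()` and `$nav_item.icon()`, which this example does not cover; each needs encoding appropriate to where it lands in the markup.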