Cross site scriptting in 6.1.0 navigation.vm

掲示板

11年前に Shiva Iyer によって更新されました。

Cross site scriptting in 6.1.0 navigation.vm

New Member 投稿: 2 参加年月日: 13/02/28 最新の投稿

Hello,

For my project we are using Liferay 6.1.0 and we have created our custom theme. Security team ran a check and they found cross scripting in navigation.vm file.

In navigation.vm we have below code

<a href="$nav_item.getURL()" $nav_item.getTarget()><span>$nav_item.icon() $nav_item.getName()</span></a>

The Security tool was able to modify the above href URL as below ...

<a href="http://<script>alert(document.domain)</script>/...

Can anyone please help me out how to solve this issue.

Regards,
Shiva

11年前に Hitoshi Ozawa によって更新されました。

RE: Cross site scriptting in 6.1.0 navigation.vm

Liferay Legend 投稿: 7942 参加年月日: 10/03/24 最新の投稿

Go the community security page and get the security patch.

http://www.liferay.com/community/security-team/known-vulnerabilities

11年前に Shiva Iyer によって更新されました。

RE: Cross site scriptting in 6.1.0 navigation.vm

New Member 投稿: 2 参加年月日: 13/02/28 最新の投稿

Hello Hitoshi,

Thanks for your valuable time to reply my post.

Regards,
Shiva