掲示板
Cross site scriptting in 6.1.0 navigation.vm
11年前 に Shiva Iyer によって更新されました。
Cross site scriptting in 6.1.0 navigation.vm
New Member 投稿: 2 参加年月日: 13/02/28 最新の投稿
Hello,
For my project we are using Liferay 6.1.0 and we have created our custom theme. Security team ran a check and they found cross scripting in navigation.vm file.
In navigation.vm we have below code
<a href="$nav_item.getURL()" $nav_item.getTarget()><span>$nav_item.icon() $nav_item.getName()</span></a>
The Security tool was able to modify the above href URL as below ...
<a href="http://<script>alert(document.domain)</script>/...
Can anyone please help me out how to solve this issue.
Regards,
Shiva
For my project we are using Liferay 6.1.0 and we have created our custom theme. Security team ran a check and they found cross scripting in navigation.vm file.
In navigation.vm we have below code
<a href="$nav_item.getURL()" $nav_item.getTarget()><span>$nav_item.icon() $nav_item.getName()</span></a>
The Security tool was able to modify the above href URL as below ...
<a href="http://<script>alert(document.domain)</script>/...
Can anyone please help me out how to solve this issue.
Regards,
Shiva
11年前 に Hitoshi Ozawa によって更新されました。
RE: Cross site scriptting in 6.1.0 navigation.vm
Liferay Legend 投稿: 7942 参加年月日: 10/03/24 最新の投稿
Go the community security page and get the security patch.
http://www.liferay.com/community/security-team/known-vulnerabilities
http://www.liferay.com/community/security-team/known-vulnerabilities
11年前 に Shiva Iyer によって更新されました。
RE: Cross site scriptting in 6.1.0 navigation.vm
New Member 投稿: 2 参加年月日: 13/02/28 最新の投稿
Hello Hitoshi,
Thanks for your valuable time to reply my post.
Regards,
Shiva
Thanks for your valuable time to reply my post.
Regards,
Shiva