myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary VanMatre (JIRA)" <...@myfaces.apache.org>
Subject [jira] Created: (TRINIDAD-1868) cross-site scripting vulnerability using __adfv__
Date Tue, 27 Jul 2010 18:01:27 GMT
cross-site scripting vulnerability using __adfv__
-------------------------------------------------

                 Key: TRINIDAD-1868
                 URL: https://issues.apache.org/jira/browse/TRINIDAD-1868
             Project: MyFaces Trinidad
          Issue Type: Bug
    Affects Versions:  1.2.12-core,  1.2.11-core, 2.0.0.3-core
            Reporter: Gary VanMatre


Cross-Site Scripting vulnerability. Using a simple JSF Page with __ADFv__ in
the URL and some JavaScript results in the rendering and execution of the
JavaScript in the user's web browser.

Needs fixed in the following branches: 
* 1.2.11.1-branch
* 1.2.12.3-branch
* trunk

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message