portals-jetspeed-dev mailing list archives

From Dnyaneshwar Dabhade <dnyaneshwar.Dabh...@majesco.com>
Subject RE: Cross-Site scripting Issue - Jetspeed 2.2.2
Date Mon, 15 Jun 2015 09:51:53 GMT
Hi David,

Please find below Cross site scripting related issues related to Jetspeed framework. We are currently using 2.1.3 in production.

If you have any workaround or solution or quickfix in 2.1.3 itself, please let me know.

Please find below screenshots for your reference. Let me know if you need additional details on this.

Category:

a. 150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities (2)

1.

[screenshot: image004.jpg]

[screenshot: image006.jpg]

b. 150084 Unencoded characters (2)

[screenshot: image008.jpg]

2.

[screenshot: image009.jpg]

Regards,

Dnyaneshwar





-----Original Message-----
From: DavidSeanTaylor [mailto:david@bluesunrise.com]
Sent: Saturday, June 13, 2015 3:22 AM
To: Jetspeed Developers List
Subject: Re: Cross-Site scripting Issue - Jetspeed 2.2.2



Please send me the details of the XSS issue, I’d be glad to help.



> On Jun 12, 2015, at 1:37 AM, Dnyaneshwar Dabhade <dnyaneshwar.Dabhade@majesco.com> wrote:
>
> Hi Team,
>
> We are currently having Jetspeed 2.1.3 version and we came across security vulnerability issue related to cross site scripting.
> So we decided to go for higher version i.e. jetspeed 2.2.2. If anyone knows if JS 2.2.2 version is free from cross site scripting related issue. Also if you know some quick workaround to resolve cross site issues in JS 2.1.3, please let me know. Your help will be highly appreciated.

>

> Dnyaneshwar Dabhade/ Software Specialist

> dnyaneshwar.dabhade@majesco.com / Direct: +91 22 6791 4545 Ext 5474 / Cell: +91 9833629599

>

> Majesco / Mastek New Development Centre, MBP-P–136,136A, Mahape, Navi Mumbai - 400 710

> Office: +91 22 6791 4545 / Fax: +91 22 2778 1332

> http://www.majesco.com
