portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DavidSeanTaylor <da...@bluesunrise.com>
Subject Re: Cross-Site scripting Issue - Jetspeed 2.2.2
Date Mon, 15 Jun 2015 15:57:31 GMT
I am not seeing the screenshots on my Mail program. Could you please send screenshots to david@bluesunrise.com
<mailto:david@bluesunrise.com>

> On Jun 15, 2015, at 2:51 AM, Dnyaneshwar Dabhade <dnyaneshwar.Dabhade@majesco.com>
wrote:
> 
> Hi David,
>  
> Please find below Cross site scripting related issues related to Jetspeed framework.
 We are currently using 2.1.3. in production. 
> If you have any workaround or solution or quickfix in 2.1.3 itself pls let me know. 
>  
>  
>  
> Please find below screenshots for your reference. Let  me know if you need additional
details on this.
> Category :
> a.       150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities (2)
>  
> 1.        
> 
>  
>  
> 
>  
>  
>  
> b. 150084 Unencoded characters (2)
>  
> 
>  
> 2.        
> 
>  
> Regards,
> Dnyaneshwar
>  
>  
> -----Original Message-----
> From: DavidSeanTaylor [mailto:david@bluesunrise.com <mailto:david@bluesunrise.com>]

> Sent: Saturday, June 13, 2015 3:22 AM
> To: Jetspeed Developers List
> Subject: Re: Cross-Site scripting Issue - Jetspeed 2.2.2
>  
> Please send me the details of the XSS issue, I’d be glad to help
>  
> > On Jun 12, 2015, at 1:37 AM, Dnyaneshwar Dabhade <dnyaneshwar.Dabhade@majesco.com
<mailto:dnyaneshwar.Dabhade@majesco.com>> wrote:
> > 
> > Hi Team,
> >  
> > We are currently having Jetspeed 2.1.3 version and when came across security vulnerability
issue related to cross site scripting. 
> > So we decided to go for higher version i.e. jetspeed 2.2.2. If anyone knows if JS
2.2.2 version is free from cross site scripting related issue. Also if you know some quick
workaround to resolve cross site issues in JS 2.1.3, please let me know. Your help will be
highly appreciated.
> >  
> >  <http://www.majesco.com/ <http://www.majesco.com/>>
> > Dnyaneshwar Dabhade/ Software Specialist 
> > dnyaneshwar.dabhade@majesco.com <mailto:dnyaneshwar.dabhade@majesco.com>
> > <mailto:dnyaneshwar.dabhade@majesco.com <mailto:dnyaneshwar.dabhade@majesco.com>>
/ Direct: +91 22 6791 4545 
> > Ext 5474 / Cell: +91 9833629599
> > 
> > Majesco / Mastek New Development Centre, MBP-P–136,136A, Mahape, Navi 
> > Mumbai - 400 710
> > Office: +91 22 6791 4545 / Fax: +91 22 2778 1332 
> > http://www.majesco.com <http://www.majesco.com/> <http://www.majesco.com/
<http://www.majesco.com/>>
> >   <https://twitter.com/majescoins <https://twitter.com/majescoins>>
 
> > <http://www.youtube.com/channel/UCfUF97aYmvgCXNUPdT8TUog <http://www.youtube.com/channel/UCfUF97aYmvgCXNUPdT8TUog>>

> > <https://www.linkedin.com/in/dnyaneshwardabhade <https://www.linkedin.com/in/dnyaneshwardabhade>>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message