LPS-45661 Various XSS issues in 6.2.1

Description

  • LPS-44182 Reflected XSS in edit layout
  • LPS-44196 Stored XSS in Asset Publisher and WCM Display portlets via OpenOffice conversion file extensions
  • LPS-44197 Reflected XSS in *Directory portlets using tabs1Names parameter
  • LPS-44200 Reflected XSS in Trash using renameMessage, overrideMessage and oldName params
  • LPS-42688 Stored XSS issues via portlet Look & Feel screen
  • LPS-42713 Stored XSS in Layout CSS
  • LPS-43043 XSS using Theme configuration
  • LPS-43362 XSS with Page Variation History
  • LPS-43477 XSS in FileEntry and Folder title
  • LPS-43496 XSS in search configuration
  • LPS-43508 XSS in WCM title preview & Trash model title
  • LPS-43615 XSS in DocLib repository
  • LPS-43617 Reflected XSS in DocLib & Journal entryColumns and displayViews params
  • LPS-43619 XSS in DDM Structures - defaultLanguage
  • LPS-43647 Reflected XSS in Group Statistics
  • LPS-43649 Several XSS in Journal
  • LPS-43658 Stored and reflected XSS in Mobile Device Rules
  • LPS-43659 XSS in LDAP group import test
  • LPS-43664 Reflected XSS in roles admin
  • LPS-43811 Stored & Reflected XSS via SessionClickAction
  • LPS-43839 XSS in Public render parameters configuration
  • LPS-41075 XSS problem on repository

Severity

Severity 2

Fixed Version(s)

Publication date: Tue, 22 Apr 2014 15:29:00 +0000