Posted to jetspeed-dev@portals.apache.org by Dnyaneshwar Dabhade <dn...@majesco.com> on 2015/06/12 10:37:19 UTC

Cross-Site scripting Issue - Jetspeed 2.2.2

Hi Team,

We are currently on Jetspeed 2.1.3 and came across a security vulnerability issue related to cross-site scripting.
So we decided to go for a higher version, i.e. Jetspeed 2.2.2. Does anyone know whether JS 2.2.2 is free from cross-site scripting related issues? Also, if you know some quick workaround to resolve cross-site issues in JS 2.1.3, please let me know. Your help will be highly appreciated.

Dnyaneshwar Dabhade/ Software Specialist


Re: Cross-Site scripting Issue - Jetspeed 2.2.2

Posted by DavidSeanTaylor <da...@bluesunrise.com>.
I am not seeing the screenshots on my mail program. Could you please send screenshots to david@bluesunrise.com?

> On Jun 15, 2015, at 2:51 AM, Dnyaneshwar Dabhade <dn...@majesco.com> wrote:
>
> Hi David,
>
> Please find below Cross site scripting related issues related to Jetspeed framework. We are currently using 2.1.3 in production.
> If you have any workaround or solution or quickfix in 2.1.3 itself pls let me know.
>
> Please find below screenshots for your reference. Let me know if you need additional details on this.
> Category :
> a. 150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities (2)
>
> 1.
>
> b. 150084 Unencoded characters (2)
>
> 2.
>
> Regards,
> Dnyaneshwar
>


RE: Cross-Site scripting Issue - Jetspeed 2.2.2

Posted by Dnyaneshwar Dabhade <dn...@majesco.com>.
Hi David,

Please find below Cross site scripting related issues related to Jetspeed framework. We are currently using 2.1.3 in production.

If you have any workaround or solution or quickfix in 2.1.3 itself pls let me know.

Please find below screenshots for your reference. Let me know if you need additional details on this.

Category :

a. 150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities (2)

1.

[screenshot]

[screenshot]

b. 150084 Unencoded characters (2)

[screenshot]

2.

[screenshot]

Regards,

Dnyaneshwar

-----Original Message-----
From: DavidSeanTaylor [mailto:david@bluesunrise.com]
Sent: Saturday, June 13, 2015 3:22 AM
To: Jetspeed Developers List
Subject: Re: Cross-Site scripting Issue - Jetspeed 2.2.2



Please send me the details of the XSS issue; I’d be glad to help.




Re: Cross-Site scripting Issue - Jetspeed 2.2.2

Posted by DavidSeanTaylor <da...@bluesunrise.com>.
Please send me the details of the XSS issue; I’d be glad to help.

> On Jun 12, 2015, at 1:37 AM, Dnyaneshwar Dabhade <dn...@majesco.com> wrote:
> 
> Hi Team,
>  
> We are currently on Jetspeed 2.1.3 and came across a security vulnerability issue related to cross-site scripting.
> So we decided to go for a higher version, i.e. Jetspeed 2.2.2. Does anyone know whether JS 2.2.2 is free from cross-site scripting related issues? Also, if you know some quick workaround to resolve cross-site issues in JS 2.1.3, please let me know. Your help will be highly appreciated.