The root issue is that most user inputs are not sanitized (HTML-escaped) to prevent XSS.
On the collection home page in JSPUI, there is a list of recent submissions that lists the titles of a few items in the collection. The title strings are not passed through Java's addEntities method, and embedded JavaScript/CSS will be evaluated by the browser. To fix, add "Utils.addEntities" to "dcv[0].value" in "collection-home.jsp".
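The effect of the fix described above, as an added example that is not code from DSpace or from the original message: a stand-alone Java program that renders a recent-submissions list from constructed titles, once with the raw title and once escaped. The names `escapeHtml` and `renderList` and the sample titles are assumptions; `escapeHtml` is a stand-in for the `Utils.addEntities` call the message names.

```java
import java.util.List;

public class RecentSubmissionsEscaping {

    // Stand-in for the escaping the message asks for (Utils.addEntities).
    // Assumption: HTML metacharacters are replaced with character entities.
    static String escapeHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Builds the list markup the way a JSP scriptlet would write it to the page.
    static String renderList(List<String> titles, boolean escape) {
        StringBuilder html = new StringBuilder("<ul>\n");
        for (String title : titles) {
            html.append("  <li>")
                .append(escape ? escapeHtml(title) : title)
                .append("</li>\n");
        }
        return html.append("</ul>\n").toString();
    }

    public static void main(String[] args) {
        // Constructed sample titles, as a submitter could enter them.
        List<String> titles = List.of(
            "Annual Report 2013",
            "Soil <i>pH</i> & crop yield",
            "<script>alert(1)</script>",
            "<style>body{display:none}</style>");
        System.out.println("Unescaped (title markup reaches the browser):");
        System.out.print(renderList(titles, false));
        System.out.println("Escaped (title markup is shown as text):");
        String safe = renderList(titles, true);
        System.out.print(safe);
        // The escaped output must not contain tags taken from a title.
        if (safe.contains("<script>") || safe.contains("<style>")) {
            throw new AssertionError("title markup survived escaping");
        }
    }
}
```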
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel