Hi David,
Please find below Cross site scripting related issues related to Jetspeed framework. We are currently using 2.1.3. in production. If you have any workaround or solution or quickfix in 2.1.3 itself pls let me know. Please find below screenshots for your reference. Let me know if you need additional details on this. Category : a. 150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities (2) 1. [cid:[email protected]] [cid:[email protected]] b. 150084 Unencoded characters (2) [cid:[email protected]] 2. [cid:[email protected]] Regards, Dnyaneshwar -----Original Message----- From: DavidSeanTaylor [mailto:[email protected]] Sent: Saturday, June 13, 2015 3:22 AM To: Jetspeed Developers List Subject: Re: Cross-Site scripting Issue - Jetspeed 2.2.2 Please send me the details of the XSS issue, I’d be glad to help > On Jun 12, 2015, at 1:37 AM, Dnyaneshwar Dabhade > <[email protected]<mailto:[email protected]>> > wrote: > > Hi Team, > > We are currently having Jetspeed 2.1.3 version and when came across security > vulnerability issue related to cross site scripting. > So we decided to go for higher version i.e. jetspeed 2.2.2. If anyone knows > if JS 2.2.2 version is free from cross site scripting related issue. Also if > you know some quick workaround to resolve cross site issues in JS 2.1.3, > please let me know. Your help will be highly appreciated. > > <http://www.majesco.com/> > Dnyaneshwar Dabhade/ Software Specialist > [email protected]<mailto:[email protected]> > <mailto:[email protected]> / Direct: +91 22 6791 4545 > Ext 5474 / Cell: +91 9833629599 > > Majesco / Mastek New Development Centre, MBP-P–136,136A, Mahape, Navi > Mumbai - 400 710 > Office: +91 22 6791 4545 / Fax: +91 22 2778 1332 > http://www.majesco.com <http://www.majesco.com/> > <https://twitter.com/majescoins> > <http://www.youtube.com/channel/UCfUF97aYmvgCXNUPdT8TUog> > <https://www.linkedin.com/in/dnyaneshwardabhade>
