Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
Srvna R
Reflective XSS vulnerablity in our Liferay 6.1 portal
26 settembre 2013 22.10

Srvna R

Punteggio: New Member

Messaggi: 10

Data di Iscrizione: 9 luglio 2013

Messaggi recenti

We are using a Liferay 6.1 portal with MySQL server. Our security team has informed us that when using the search function the "_3_ keywords" argument is not properly sanitized when displayed in the page leading to reflective XSS vulnerability. Kindly let us know if there are any methods to avoid this reflective XSS vulnerability. Thanks in advance
David H Nebinger
RE: Reflective XSS vulnerablity in our Liferay 6.1 portal
27 settembre 2013 6.34

David H Nebinger

Community Moderator

Punteggio: Liferay Legend

Messaggi: 13225

Data di Iscrizione: 1 settembre 2006

Messaggi recenti

What version of 6.1? Are you using EE like you should for any internet-facing portal implementation? Have you applied the security patches for GA2, are you using GA3?

So many questions, so little detail in your post.

Long story short, Liferay CE is meant to show off what Liferay is capable of. Beyond that you can stand up an intranet solution pretty easily as you don't have to worry so much about security. You can even stand CE up on the internet as long as you're not concerned about security (i.e. it's your own personal CE instance where you're hosting a blog or things you've done and security is no real issue at all).

But if you are putting Liferay on the internet, it really should only be done on the EE platform. Anything else will be full of holes, will not be patched to the latest and greatest security level, and exposes your company.

Participate in the State of Liferay Community 2017. Help the community and even win some prizes!