Red Hat Bugzilla – Bug 1019052
CVE-2013-4424 GateIn: XSS due to improper url escaping
Last modified: 2016-03-04 06:29:59 EST
Multiple cross-site scripting (XSS) flaws were found in the GateIn component caused by the improper escaping of single quotation marks in the URL. A remote attacker could provide a specially-crafted URL that, when visited, would lead to arbitrary HTML or web script injection.
Red Hat would like to thank Cloud Technology Development Department, Ricoh Company, Ltd. for reporting this issue.
This issue has been addressed in the following products:
Red Hat JBoss Portal 6.1.0
Via RHSA-2013:1843 https://rhn.redhat.com/errata/RHSA-2013-1843.html
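The bug class named in the description above, an escaper that leaves single quotation marks in a URL untouched, shown next to a corrected form. This is an added illustration, not GateIn code: the class and method names are hypothetical, the sample URLs are constructed, and the single-quoted `href` attribute is an assumed rendering context, since the report does not say where the URL is written into the page.

```java
import java.util.List;

// Added illustration of the bug class only; not GateIn code. All names are hypothetical.
public class UrlAttributeEscaping {

    // Incomplete escaper: handles & < > " but leaves the single quote untouched.
    static String escapeWithoutSingleQuote(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Corrected escaper: additionally encodes the single quote as a character reference.
    static String escapeForAttribute(String s) {
        return escapeWithoutSingleQuote(s).replace("'", "&#39;");
    }

    // Assumed rendering context: the URL lands inside a single-quoted attribute.
    static String renderLink(String escapedUrl) {
        return "<a href='" + escapedUrl + "'>link</a>";
    }

    // renderLink emits exactly two raw single quotes (the attribute delimiters).
    // Any additional raw quote means the value can end the attribute early.
    static boolean attributeStaysClosed(String html) {
        return html.chars().filter(c -> c == '\'').count() == 2;
    }

    public static void main(String[] args) {
        // Constructed sample URLs: one without and one with a single quote.
        List<String> samples = List.of("/portal/home?tab=news", "/portal/home?tab=o'brien");
        for (String url : samples) {
            String weak = renderLink(escapeWithoutSingleQuote(url));
            String fixed = renderLink(escapeForAttribute(url));
            System.out.printf("%s%n  incomplete: %s intact=%b%n  corrected : %s intact=%b%n",
                    url, weak, attributeStaysClosed(weak), fixed, attributeStaysClosed(fixed));
        }
    }
}
```

For the second sample the incomplete escaper reports `intact=false`, because the quote in the URL closes the attribute, while the corrected escaper reports `intact=true` for both.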