Note: This is an archival copy of Security Sun Alert 239308 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019409.1.
Sun Java System Portal Server 7.0
Sun Java System Portal Server 7.1
Date of Resolved Release
A Cross Site Scripting (XSS) security vulnerability exists in some of the Portlets bundled with Sun Java System Portal Server (see below for details)
2. Contributing Factors
This issue can occur in the following releases:
# <PS_INSTALL_DIR>/bin/psadmin version -u amadmin -f passwordFile
Fri Aug 20 07:37:07 PDT 2008 Sun Java(tm) System Portal Server 7.1
Note: Portal Server Software versions 6.3.1 or earlier and version 7.2 are not impacted by this issue.
3. SymptomsThere are no predictable symptoms that would indicate the described issue has been exploited.
4. WorkaroundThere is no workaround for this issue. Please see the Resolution section below.
5. ResolutionThis issue is addressed in the following releases:
For more information on Security Sun Alerts, see
This solution has no attachment