XSS vulnerability in portlet title

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 6.0.12 EE
Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1, 6.0.X EE
Component/s: Security
Labels:
- QA-R

Description

XSS vulnerability from portlet titles

Activity

Hide

Permalink

Sharry Shi added a comment - 01/Nov/11 1:31 AM - edited

PASSED Manual Testing using the following steps:

1 Login.
2 Add -> wiki -> Click wiki's options -> Export/Import.
3 Change the URL,add "<script>alert(1)</script>" after Resouce=.

Reproduced on:
Tomcat 6.0.33 + MySQL 5. 6.0.x Revision 91670.
Tomcat 7.0.21 + MySQL 5. 6.1.x Revision 89695.

Then you will see the alert info as "1".

Fixed on:
Tomcat 6.0.33 + MySQL 5. 6.0.x Revision 91970.
Tomcat 7.0.21 + MySQL 5. 6.1.x Revision 91875.

There has no alert information but a reminder.

Show

Sharry Shi added a comment - 01/Nov/11 1:31 AM - edited PASSED Manual Testing using the following steps: 1 Login. 2 Add -> wiki -> Click wiki's options -> Export/Import. 3 Change the URL,add "<script>alert(1)</script>" after Resouce=. Reproduced on: Tomcat 6.0.33 + MySQL 5. 6.0.x Revision 91670. Tomcat 7.0.21 + MySQL 5. 6.1.x Revision 89695. Then you will see the alert info as "1". Fixed on: Tomcat 6.0.33 + MySQL 5. 6.0.x Revision 91970. Tomcat 7.0.21 + MySQL 5. 6.1.x Revision 91875. There has no alert information but a reminder.

People

Assignee:

Sharry Shi

Reporter:

Jonathan Mak

Participants of an Issue:

Jonathan Mak, Sharry Shi

Vote (0)

Watch (2)

Dates

Created:

28/Oct/11 11:49 AM

Updated:

17/Jan/12 5:49 PM

Resolved:

01/Nov/11 1:32 AM

Days since last comment:

1 year, 28 weeks, 6 days ago

Agile

View on Board

~~LPS-3286~~	XSS vulnerability in <title> and <meta> tags
~~LPS-8831~~	XSS vulnerability in journal portlet
~~LPS-2395~~	XSS vulnerability in calendar portlet
~~LPS-3220~~	XSS vulnerability in Shopping portlet