Archived Setups - title of archived setup is not properly escaped

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.0 CE RC1
Fix Version/s: 6.1.0 CE RC1, --Sprint 11/12, 6.2.0 CE M2
Component/s: Security
Labels:
- bugsquad
Environment:
Tomcat 7.0.22. + MySQL 5. 6.1.x Revision: 93508.

Story Points:
2
Fix Priority:
4

Similar Issues:

Show 4 results

Description

add asset publisher to a page
go to Configuration -> Setup
go to Archive/Restore Setup
save your setup as <script>alert("www.eo.pl");</script
Effect: almost immediately you will see javascript error because HTML in that name was not escaped. This is security bug.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

Przechwytywanie2.PNG

50 kB

11/Nov/11 5:23 AM

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Paul Piao added a comment - 13/Nov/11 6:17 PM

Hi Szymon,
Thank you for your report. I was able to reproduce this issue in 6.1.0 B3. I have also tested this issue on trunk revision 93508 and I was also reproduce. I will update the this ticket to reflect the issue.

Show

Paul Piao added a comment - 13/Nov/11 6:17 PM Hi Szymon, Thank you for your report. I was able to reproduce this issue in 6.1.0 B3. I have also tested this issue on trunk revision 93508 and I was also reproduce. I will update the this ticket to reflect the issue.

Hide

Permalink

Kiyoshi Lee added a comment - 27/Dec/11 5:37 PM

PASSED Manual Testing following the steps in the description.

Reproduced on:
Tomcat 7.0 + MySQL 5. 6.2.x Revision: 95520.

Fixed on:
Tomcat 7.0 + MySQL 5. 6.1.x Revision: 96736.
Tomcat 7.0 + MySQL 5. 6.2.x Revision: 96736.

Javascript error is no longer present.

Show

Kiyoshi Lee added a comment - 27/Dec/11 5:37 PM PASSED Manual Testing following the steps in the description. Reproduced on: Tomcat 7.0 + MySQL 5. 6.2.x Revision: 95520. Fixed on: Tomcat 7.0 + MySQL 5. 6.1.x Revision: 96736. Tomcat 7.0 + MySQL 5. 6.2.x Revision: 96736. Javascript error is no longer present.

Hide

Permalink

Edward Gonzales added a comment - 19/Apr/13 4:14 PM

Hello everyone! We are in the process of removing component "Portlet" from LPS. Please make the necessary adjustments to affected filters. Thanks!

Show

Edward Gonzales added a comment - 19/Apr/13 4:14 PM Hello everyone! We are in the process of removing component "Portlet" from LPS. Please make the necessary adjustments to affected filters. Thanks!

People

Assignee:

Kiyoshi Lee

Reporter:

Szymon Golebiewski

Participants of an Issue:

Edward Gonzales, Kiyoshi Lee, Paul Piao, Szymon Golebiewski

Vote (0)

Watch (1)

Dates

Created:

11/Nov/11 5:23 AM

Updated:

19/Apr/13 4:14 PM

Resolved:

13/Dec/11 10:02 AM

Days since last comment:

5 weeks ago

Agile

View on Board

~~LPS-13724~~	Configurations saved as an 'Archived Setup' do not 'Restore' properly in the 'Shopping Portlet'.
~~LPS-5757~~	Portlet Archived Setups are not shown after being imported from LAR
~~LPS-1033~~	Asset Publisher - Archived Setup Bug
~~LPS-15918~~	List and load Archived portlet setups from the Add Application menu