top_head.jsp has an unescaped URL that causes XSS

Description

top_head.jsp has an unescaped URL that causes XSS.
This can NOT be replicated with new browsers like Chrome 16, Firefox 9, IE 9.
I replicated it with IE 6 through this URL:
http://127.0.0.1:8080/web/guest/home?p_auth=3XAquPjW&p_p_id=58&p_p_lifecycle=1&p_p_state="--></script><script>alert(/eG9BcV5Y/)</script>&p_p_mode=view&saveLastPath=0&_58_struts_action=/login/create_account

Environment

Tomcat 6/7; Liferay Portal trunk/6.1.x; MySQL 5
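
Added example, not part of the original ticket and not Liferay code: a reflected URL rendered without escaping, next to context-specific escaping for the two places a template typically emits it. The ticket does not show the sink in top_head.jsp, so the script-string and attribute contexts, the class name and the method names are all assumptions; the input is constructed from the p_p_state value above.

```java
// Added illustration, not Liferay source. Class and method names are hypothetical,
// and the sink (script string vs. HTML attribute) is an assumption.
public class UrlEscapeDemo {

    // Before: the request URL is concatenated into the page as-is.
    static String renderUnsafe(String url) {
        return "<script>var currentURL = \"" + url + "\";</script>";
    }

    // After, script context: escape for a JavaScript string literal.
    static String renderInScript(String url) {
        return "<script>var currentURL = \"" + escapeJs(url) + "\";</script>";
    }

    // After, markup context: escape for a double-quoted HTML attribute.
    static String renderInAttribute(String url) {
        return "<a href=\"" + escapeHtml(url) + "\">Sign in</a>";
    }

    // Keeps ASCII letters and digits; everything else becomes a backslash-u hex
    // escape, so no quote, slash or angle bracket from the input reaches the parser.
    static String escapeJs(String s) {
        StringBuilder sb = new StringBuilder(s.length() * 2);
        for (char c : s.toCharArray()) {
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (alnum) sb.append(c); else sb.append(String.format("\\u%04x", (int) c));
        }
        return sb.toString();
    }

    // Ampersand first, so entities produced by later replacements are not re-escaped.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Constructed input modelled on the p_p_state value in the description.
        String url = "/web/guest/home?p_p_id=58&p_p_state=\"--></script><script>alert(1)</script>&p_p_mode=view";
        System.out.println("unsafe: " + renderUnsafe(url));
        for (String out : new String[] { renderInScript(url), renderInAttribute(url) }) {
            System.out.println("safe:   " + out);
            // The only script tags left must be the ones the template itself wrote.
            if (out.contains("alert(1)</script>") || out.contains("\"--")) {
                throw new AssertionError("payload survived escaping: " + out);
            }
        }
    }
}
```

The two escapers are not interchangeable: HTML entity escaping alone does not protect a value placed inside a script block, which is why the escaping has to match the sink.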

Activity

Mark Jin February 12, 2012 at 6:06 PM

PASSED Manual Testing following the steps in the description.

Reproduced on:
Tomcat 7.0 + MySQL 5. 6.1.0 GA1.

Fixed on:
Tomcat 7.0 + MySQL 5. 6.1.x GIT ID: 42f543b72841f5012e3453741a83c43521ee9dfd.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 1dd1dc2fcb969bb8e1b41340a7cf582d1ad81aa6.

Michael Saechang February 10, 2012 at 2:30 PM

Committed on:
6.1.x GIT ID: 1e2a5f5c5a19e43b5c4175a775d2cea7bd3bcdd3.
6.2.x GIT ID: 110bf722fb056c71a47ead9fe44ef9cb998beabf.

Fixed
Details

Branch Version/s: 6.1.x

Backported to Branch: Committed

Fix Priority: 5

Created February 6, 2012 at 6:59 PM
Updated June 24, 2023 at 3:49 PM
Resolved July 9, 2012 at 1:43 AM