LPSA-19832

XSS - Weather portlet.

Description

1. Deploy Weather portlet.
2. Go to Preferences.
3. Fill <script>alert("xss")</script>.
4. Save and return.

Environment

Tomcat 7.0 + MySQL 5. 6.1.x EE GIT ID: 3a243c58e6a0c77f4442673e00adcf58414085b9. Plugin: 097dba7158b4c9e4d49b0962b41a5418585fa041. Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 2b6d3a246b1434b2dedc4304a58ca3731239fd24. Plugin: 43fed43a6a2cdd27ecfd45bbd8ef84dfce47864a.

Attachments

Linked issues

relates

LPE-9418

Weather portlet XSS is not escaped

preston.crary

Activity

Show:

Samuel Kong July 3, 2012 at 1:53 AM

Committed on:
Plugins 6.1.x CE GIT ID: 20bfd780b6c616c9807141150435942e822de4a4.

EdG June 25, 2012 at 5:02 PM

Slated for inclusion in 6.1.1 CE GA2

Mark Jin March 26, 2012 at 6:36 PM
Edited

PASSED Manual Testing following the steps in the description.

Fixed on:
Tomcat 7.0 + MySQL 5. 6.1.x EE GIT ID: 9c0d3e1cda05c312352bd1efdfbab946090e802c. Plugins: c4784a8764ac82c4ceeeeeab8452cb00caeeb188.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 93613bac87c229f9881a3cc56ca26af22700f031. Plugins: 6a3651617ab4d40ba41a4d9afb56f20cb003cd71.

Couldn't get the popup.

Fixed

Details
Assignee
Mark Jin(Deactivated)
Reporter
Mark Jin(Deactivated)
Labels
QA-RXSS
Branch Version/s
6.1.x
Backported to Branch
Committed
Fix Priority
3
Git Pull Request
Components
Fix versions
6.1.1 CE GA2
6.1.20 EE GA2
--Sprint 11/12
6.2.0 CE M2
Affects versions
6.1.0 CE GA1
6.1.10 EE GA1
Priority
Medium

Zendesk Support

Created March 23, 2012 at 1:10 AM

Updated June 24, 2023 at 3:49 PM

Resolved July 3, 2012 at 1:53 AM

XSS - Weather portlet.

Description

Environment

Attachments

Linked issues

relates

Activity

Samuel Kong July 3, 2012 at 1:53 AM

EdG June 25, 2012 at 5:02 PM

Mark Jin March 26, 2012 at 6:36 PMEdited

Details

Assignee

Reporter

Labels

Branch Version/s

Backported to Branch

Fix Priority

Git Pull Request

Components

Fix versions

Affects versions

Priority

Zendesk SupportLinked Tickets

Zendesk Support

Mark Jin March 26, 2012 at 6:36 PM
Edited

Zendesk Support