XSS vulnerability on Document Library Types
Description
Environment
Tomcat 7.0 + MySQL 5. Portal 6.1.x CE GIT ID: 422b9ff8fb3c7171b8e402712899c57516e25fb7.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 94f8f37a1fe7df90fe4603c7e072ffe80f96c05d.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 895007003b1534d7a606823ebeeea1f9ad74d4fb.
Activity
Show:
Justin Choi July 25, 2012 at 9:51 AM
PASSED Manual Testing following the steps in the description.
Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 9caa758bde0cf4721bf812a96e76cf2825f34dd5.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 338ee7f06716111db1c0f4168bd0b8dbc9fd04b8.
All four cases will generate the XSS dialog box. Minifer errors in the console displays.
Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 844a9390cfc57ce5d12770d26ac9f09f42a9afd4.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 19aabb75583a436fa9861ced02ac9ca08892c76b.
No XSS for all four test cases; the Minifer errors are not displayed in the console.
Michael Saechang July 24, 2012 at 10:32 AM
Committed on:
Portal 6.1.x CE GIT ID: ae52b8a138a2552c63375b3e4ef47ceb4de0b929.
Portal 6.2.x GIT ID: 063a7779269348617142c02d948812a5bc7e2cd4.
Fixed
Details
Assignee
Justin ChoiJustin Choi(Deactivated)Reporter
Sophia.ZhangSophia.Zhang(Deactivated)Branch Version/s
6.1.xBackported to Branch
CommittedFix Priority
3Git Pull Request
Components
Affects versions
Priority
Medium
Details
Details
Assignee
Justin ChoiReporter
Sophia.ZhangBranch Version/s
6.1.x
Backported to Branch
Committed
Fix Priority
3
Git Pull Request
Components
Affects versions
Priority
MediumZendesk Support
Linked Tickets
Zendesk Support
Linked Tickets
Zendesk Support
Linked Tickets
Created June 17, 2012 at 11:05 PM
Updated June 24, 2023 at 3:49 PM
Resolved August 6, 2012 at 11:39 PM
Steps to reproduce:
Case 1:
1. Add New Document Type.
2. Drag Main Metadata Fields, Text and Text Box, Save.
3. Add a new document using this New Document Type.
3. Fill out <script>alert("xss")</script> for Text and Text Box field. Save.
4. Try to click on the document.
Xss alert will display.
In this case, text and Text Box have xss problem when creating New Document Type and adding New Data Definition in Dynamic Data List portlet.
Case 2
1. Add New Document Type with name "<script>alert("xss")</script>".
2. Add document with this type.
Note: Only fill out description with "<script>alert("xss")</script>" won't occur xss alert
Xss alert will display when try to click on this document.
Case 3:
1. Add New Document Type with name "<script>alert("xss")</script>"
2. Add an Asset Publish portlet.
Xss alert will occur.
Case 4.
1. Add an Asset Publish portlet first.
2. Add New Document Type with name "<script>alert("xss")</script>"
3. Try to upload a document with this document type.
Xss alert will occur.
Console error:
05:57:24,407 ERROR [MinifierUtil:109] 1: 10: Unexpected end of file
05:57:24,408 ERROR [MinifierUtil:109] 1: 0: Compilation produced 1 syntax errors.
05:57:24,409 ERROR [MinifierUtil:75] JavaScript Minifier failed for
alert-xss-