XSS in staging
Activity

Paul Piao, July 25, 2012 at 7:08 PM (Edited)
PASSED Manual Testing following the steps in the description.
Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.0 CE GA1.
I can see many JavaScript alerts.
Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: fe67228df017e4f6d09873a025d9706bc1d9d8ef.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 7d6341f2d8702a8d152281f85f1f61911c75523f.
Tomcat 7.0 + MySQL 5. Portal 6.1.20 EE GIT ID: f1f6bb02ad2c18e7b7e0b9908b2a8c2c7e7a4ac4.
No XSS in staging anymore.

Michael Saechang July 24, 2012 at 3:24 PM
Committed on:
Portal 6.1.x CE GIT ID: bf5e977a512af86c4fd65d3e9603daca028dc580.
Portal 6.2.x GIT ID: 3d7d290ac20998f2820ad0cf777563074e6f4cd4.
Fixed
Details
Assignee: Paul Piao (Deactivated)
Reporter: Tomas
Branch Version/s: 6.1.x
Backported to Branch: Committed
Priority: Medium
Created July 24, 2012 at 9:29 AM
Updated June 24, 2023 at 4:01 PM
Resolved August 6, 2012 at 11:47 PM
How to reproduce:
Set up staging with page versioning for a site
Create 8 site variations with
name: '"><script>alert('site-variation-name')</script>
description: '"><script>alert('site-variation-description')</script>
Create a page with name: '"><script>alert('page-name')</script>
Create 8 page variations with
name: '"><script>alert('page-variation-name')</script>
description: '"><script>alert('page-variation-description')</script>
Now, while browsing and editing site & page variations, and publishing and editing the page / site, you should see many JavaScript alerts.
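
A regression check for this class of bug, as an added example that is not Liferay's code or the fix committed for this ticket. The `<a title=...>` template and all function names are assumptions for illustration; the two field values are copied from the steps above.

```python
import html
from html.parser import HTMLParser

# Field values copied from the reproduction steps on this page.
NAME = """'"><script>alert('page-variation-name')</script>"""
DESCRIPTION = """'"><script>alert('page-variation-description')</script>"""

def render_unescaped(name, description):
    # Hypothetical "before" template: raw concatenation into attribute and text.
    return '<a class="variation" title="' + description + '">' + name + '</a>'

def render_escaped(name, description):
    # quote=True also encodes " and ', which the leading '"> relies on
    # to close the title attribute before the <script> element starts.
    return ('<a class="variation" title="' + html.escape(description, quote=True)
            + '">' + html.escape(name, quote=True) + '</a>')

class _Audit(HTMLParser):
    """Records every start tag, the title attribute and the text the parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.title, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a":
            self.title = dict(attrs).get("title")

    def handle_data(self, data):
        self.text.append(data)

def audit(markup, name, description):
    """Return a list of findings; an empty list means the values stayed data."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    findings = []
    extra = [t for t in parser.tags if t != "a"]
    if extra:
        findings.append("unexpected elements: " + ", ".join(extra))
    if parser.title != description:
        findings.append("title attribute was truncated or altered")
    if "".join(parser.text) != name:
        findings.append("link text does not match the stored name")
    return findings
```

Run `audit()` over each view that shows a site variation, page or page variation name or description; any finding means a stored value was parsed as markup instead of being displayed as text.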