PUBLIC - Liferay Portal Community Edition

Malicious JavaScript can be inserted into the Plugins Configuration section of Control Panel

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: 5.1.2, 5.2.3
  • Fix Version/s: 6.0.0 Preview
  • Component/s: Security
  • Labels:
    None
  • Branch Version/s:
    5.1.x, 5.2.x
  • Backported to Branch:
    Committed
  • Similar Issues:
    Show 4 results 

Description

A cross site scripting (XSS) vulnerability exist which allow an attacker to insert malicious JavaScript into the Plugins Configuration section of Control Panel

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Tim Stavenger added a comment - - Restricted to

This issue says that it has been backported to 5.1.x and 5.2.x. How would one go about getting the backported code? Is there a special branch/tag that needs to be used?

Thanks for the help!

Show
Tim Stavenger added a comment - - Restricted to This issue says that it has been backported to 5.1.x and 5.2.x. How would one go about getting the backported code? Is there a special branch/tag that needs to be used? Thanks for the help!
Hide
Permalink
Samuel Kong added a comment -

Tim, long term support of 5.1 and 5.2 is available to Liferay Portal Enterprise Edition subscribers. You can find out more at http://www.liferay.com/web/guest/products/portal/getitnow

Show
Samuel Kong added a comment - Tim, long term support of 5.1 and 5.2 is available to Liferay Portal Enterprise Edition subscribers. You can find out more at http://www.liferay.com/web/guest/products/portal/getitnow
Hide
Permalink
Olaf Kock added a comment -

The patches applied for 5.3 are visible when you click the "FishEye" tab on this issue. I'll see how easy this is ported back.

Show
Olaf Kock added a comment - The patches applied for 5.3 are visible when you click the "FishEye" tab on this issue. I'll see how easy this is ported back.

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.4#664-r167664) | Report a problem
Powered by a free Atlassian JIRA open source license for Liferay. Try JIRA - bug tracking software for your team.