Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-13250

XSS vulnerability in message board search

    Details

      Description

      There is an XSS vulnerability in message board search.

      Steps to reproduce:
      1. Create a new message board thread and a new message using '<script>alert(1)</script>' as a title.
      2. Search messages using 'alert' as a keyword
      3. See how JavaScript written in the title field is evaluated in the search results page

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  9 years, 24 weeks, 6 days ago

                  Packages

                  Version Package
                  --Sprint - SP
                  6.1.0 CE RC1