Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-134552

You are allowed to inject and execute scripts in web content title

    Details

      Description

      Description: You are allowed to inject scripts in web content title.

      Steps:

      1. Navigate to Product Menu > Content & Data > Web Content
      2. Add a Basic Web Content with title '<script>alert(123);</script>' and a content
      3. Publish it
      4. Edit the Web content

      Expect result: No Alert.
      Actual result: Alert 123 displayed.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              summer.zhang Summer Zhang
              Reporter:
              georgel.pop Georgel Vasile Pop
              Participants of an Issue:
              Recent user:
              Clarissa Velazquez
              Engineering Assignee:
              Georgel Vasile Pop
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                47 weeks, 4 days ago

                  Packages

                  Version Package
                  7.0.X
                  7.1.10 DXP FP26
                  7.1.10.7 SP7
                  7.1.X
                  7.2.10 DXP FP15
                  7.2.X
                  7.3.10.3 DXP SP3
                  7.3.X
                  7.4.2 CE GA3 DXP 7,4
                  7.4.13 DXP GA1
                  Master