Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-134552

You are allowed to inject and execute scripts in web content title

    XMLWordPrintable

Details

    Description

      Description: You are allowed to inject scripts in web content title.

      Steps:

      1. Navigate to Product Menu > Content & Data > Web Content
      2. Add a Basic Web Content with title '<script>alert(123);</script>' and a content
      3. Publish it
      4. Edit the Web content

      Expect result: No Alert.
      Actual result: Alert 123 displayed.

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. LPS-133314 Accessibility errors on search page portlet using OAW tool

          • Closed

          Activity

            People

              summer.zhang Summer Zhang
              georgel.pop Georgel Vasile Pop
              Kiyoshi Lee Kiyoshi Lee
              Georgel Vasile Pop Georgel Vasile Pop
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                1 year, 39 weeks, 3 days ago

                Packages

                  Version Package
                  7.0.X
                  7.1.10 DXP FP26
                  7.1.10.7 SP7
                  7.1.X
                  7.2.10 DXP FP15
                  7.2.X
                  7.3.10.3 DXP SP3
                  7.3.X
                  7.4.2 CE GA3 DXP 7,4
                  7.4.13 DXP GA1
                  Master