[LPS-16474] XSS issues in Polls portlet. - Liferay Issues

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 5.2.3, 5.2.9 EE, 6.0.6 GA
Fix Version/s: 5.2.X EE, --Sprint - SP, 6.0.12 EE, 6.1.0 CE RC1
Component/s: Accessibility, Polls, Security Vulnerability, Social Networking
Labels:
- QA-R
Environment:
Tomcat 6.29 + MySQL 5.0. FireFox 4.0. 5.2.x Revision 77791.
Tomcat 6.29 + MySQL 5.0. FireFox 4.0. 6.0.x Revision 77791.
Tomcat 6.29 + MySQL 5.0. FireFox 4.0. 6.1.x Revision 77791.

Branch Version/s:

6.0.x, 5.2.x
Backported to Branch:

Committed

Description

XSS issues in Polls portlet.

Steps to reproduced the issues:

1. Start liferay and login.
2. Go to Control Panel => Polls.
3. Add a question, When add question in Choices input <script>alert("xss")</script>.
4. Then click save.
5. Click the question and select one and try click Vote button.

I upload an image can see the result.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

XSS_Issues.png
28 kB
13/Apr/11 12:13 AM

Issue Links

relates

LPE-4932 XSS Issue in the Polls portlet

Closed

Activity

People

Assignee:

Sophia Zhang

Reporter:

Mark Jin (Inactive)

Participants of an Issue:

Mark Jin, Sophia Zhang

Recent user:

Esther Sanz

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

13/Apr/11 12:13 AM

Updated:

01/Dec/15 5:36 AM

Resolved:

28/Apr/11 3:25 PM

Days since last comment:

8 years, 15 weeks ago

Packages

Version	Package
5.2.X EE
--Sprint - SP
6.0.12 EE
6.1.0 CE RC1