[LPS-16506] XSS problem in Role and Community. - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 5.2.3, 5.2.9 EE
Fix Version/s: 5.2.X EE
Component/s: Accessibility, Security Vulnerability, ~ [Archived] Sites Management
Labels:
- QA-R
Environment:
Tomcat 6.29 + MySQL 5.0. 5.2.X Revision 78087

Branch Version/s:

5.2.x
Backported to Branch:

Committed

Description

XSS problem in Role and Community.

Steps to reproduced the problem:

1. Start liferay and login.
2. Go to Control Panel.
3. Then add or edit a Role or Commumy. User inserts the following code.<script>alert("xss")</script>.
4. Then click Save button.
5. Then add a portlet click Permissions.

The problem only happened 52

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

XSS_Issues-1.png
80 kB
14/Apr/11 12:31 AM
XSS_Issues-2.png
52 kB
14/Apr/11 12:31 AM

Activity

People

Assignee:: Mark Jin (Inactive)

Reporter:: Mark Jin (Inactive)

Participants of an Issue:: Josef Šustáček, Mark Jin

Recent user:: Marta Elicegui

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Apr/11 12:30 AM

Updated:: 07/Apr/20 5:01 AM

Resolved:: 04/May/11 6:47 PM

Days since last comment:: 9 years, 22 weeks, 4 days ago

Packages

Version	Package
5.2.X EE