Details

      Description

      XSS issue: if you add the following line to a message board thread and open it, JavaScript is executed: [img]asd[font= onerror=alert(/XSS/.source)//]FF[/font][/img]

      Steps
      1. Hot deploy the hook plugin:
      2. Deploy the hook plugin "antisamy-hook".
      3. Log in to Liferay
      4. Add a Message Boards portlet.
      5. Add a new thread and enter for the body: "[img]asd[font= onerror=alert(/XSS/.source)//]FF[/font][/img]" and click save
      6. Click back into the thread
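
      A regression check built around the payload above, as an added example (not Liferay's or the antisamy-hook's code). The renderer `render_bbcode` and its allowlists are hypothetical: all text is HTML-escaped, an `[img]` body must be a plain http(s) URL, and a `[font=]` value must match a conservative pattern, otherwise the tag is shown as literal text.

```python
import html
import re

# Constructed allowlists (assumptions for this example, not Liferay's rules).
SAFE_URL = re.compile(r"https?://[A-Za-z0-9._~:/?#@!$&*+,;=%-]+")
SAFE_FONT = re.compile(r"[A-Za-z][A-Za-z0-9 ,-]{0,63}")
TOKEN = re.compile(r"\[(/?)(img|font)(?:=([^\]]*))?\]", re.IGNORECASE)
IMG_END = re.compile(r"\[/img\]", re.IGNORECASE)

PAYLOAD = "[img]asd[font= onerror=alert(/XSS/.source)//]FF[/font][/img]"  # from the report


def render_bbcode(source: str) -> str:
    """Render [img] and [font=] only; anything that fails validation stays text."""
    out, pos, open_fonts = [], 0, 0
    while True:
        m = TOKEN.search(source, pos)
        if m is None:
            break
        out.append(html.escape(source[pos:m.start()], quote=True))
        closing, name, value = m.group(1), m.group(2).lower(), m.group(3)
        pos = m.end()
        if name == "img" and not closing and value is None:
            end = IMG_END.search(source, pos)
            body = source[pos:end.start()] if end else ""
            # The body becomes an attribute value, so it must be a bare URL:
            # nested tags, spaces and quotes all fail the allowlist.
            if end and SAFE_URL.fullmatch(body):
                out.append('<img src="%s" alt="">' % html.escape(body, quote=True))
                pos = end.end()
                continue
        elif name == "font" and not closing and value is not None \
                and SAFE_FONT.fullmatch(value):
            # Value is always emitted inside a quoted, escaped attribute.
            out.append('<span style="font-family: %s">' % html.escape(value, quote=True))
            open_fonts += 1
            continue
        elif name == "font" and closing and open_fonts:
            out.append("</span>")
            open_fonts -= 1
            continue
        # Rejected or unmatched tag: show it as escaped literal text.
        out.append(html.escape(m.group(0), quote=True))
    out.append(html.escape(source[pos:], quote=True))
    out.append("</span>" * open_fonts)  # close anything the author left open
    return "".join(out)


if __name__ == "__main__":
    print(render_bbcode(PAYLOAD))
```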


              People

              Assignee:
              steven.cao Steven Cao (Inactive)
              Reporter:
              albert.lee Albert Lee
              Participants of an Issue:
              Recent user:
              Esther Sanz

                Dates

                Days since last comment:
                9 years, 23 weeks, 3 days ago

                  Packages

                  Version Package
                  5.2.X EE