Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      XSS vulnerability from portlet titles

        Activity

        Sharry Shi added a comment - - edited

        PASSED Manual Testing using the following steps:

        1 Login.
        2 Add -> wiki -> Click wiki's options -> Export/Import.
        3 Change the URL, add "<script>alert(1)</script>" after Resouce=.

        Reproduced on:
        Tomcat 6.0.33 + MySQL 5. 6.0.x Revision 91670.
        Tomcat 7.0.21 + MySQL 5. 6.1.x Revision 89695.

        Then you will see the alert info as "1".

        Fixed on:
        Tomcat 6.0.33 + MySQL 5. 6.0.x Revision 91970.
        Tomcat 7.0.21 + MySQL 5. 6.1.x Revision 91875.

        There is no alert information, but a reminder.


          People

          • Assignee:
            Sharry Shi
            Reporter:
            Jonathan Mak
            Recent user:
            Randy Zhu
            Participants of an Issue:
          • Votes:
            0
            Watchers:
            2

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              3 years, 21 weeks, 2 days ago
