  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-25382

top_head.jsp has an unescaped URL, causing XSS

    Details

      Description

      top_head.jsp has an unescaped URL, causing XSS.
      This can NOT be replicated with new browsers like Chrome 16, Firefox 9, IE 9.
      I replicated it with IE 6 through this URL:
      http://127.0.0.1:8080/web/guest/home?p_auth=3XAquPjW&p_p_id=58&p_p_lifecycle=1&p_p_state="--></script><script>alert(/eG9BcV5Y/)</script>&p_p_mode=view&saveLastPath=0&_58_struts_action=/login/create_account
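      The failure mode in the report and the output encoding that closes it, as an added example that is not code from the reporter or from Liferay. It assumes the page writes the current URL into a quoted string inside an inline script block, which the report does not show; the class, method names and template are hypothetical, and the sample URL is constructed from the report's `p_p_state` value.

```java
public class InlineScriptEscapeDemo {
    // Constructed sample: path and query carrying the report's p_p_state
    // value, as the server sees it when the browser sends it unencoded.
    static final String SAMPLE_URL = "/web/guest/home?p_p_id=58&p_p_state="
        + "\"--></script><script>alert(/eG9BcV5Y/)</script>&p_p_mode=view";

    // Assumed vulnerable pattern: the URL is concatenated into a quoted
    // JavaScript string inside an inline script block.
    static String renderUnescaped(String url) {
        return "<script><!--\nvar currentURL = \"" + url + "\";\n//--></script>";
    }

    // Output encoding for a JavaScript string context: every character
    // outside a small allowlist is written as a backslash-u hex escape, so
    // the value cannot end the string, the comment or the script element.
    static String escapeForJsString(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean safe = (c < 128 && Character.isLetterOrDigit(c))
                || "/?=%_.:,".indexOf(c) >= 0;
            if (safe) out.append(c);
            else out.append(String.format("\\u%04x", (int) c));
        }
        return out.toString();
    }

    static String renderEscaped(String url) {
        return "<script><!--\nvar currentURL = \"" + escapeForJsString(url)
            + "\";\n//--></script>";
    }

    // Counts occurrences of needle in haystack.
    static int count(String haystack, String needle) {
        int n = 0;
        for (int i = haystack.indexOf(needle); i >= 0; i = haystack.indexOf(needle, i + 1)) n++;
        return n;
    }

    public static void main(String[] args) {
        String bad = renderUnescaped(SAMPLE_URL);
        String good = renderEscaped(SAMPLE_URL);
        System.out.println(bad + "\n");
        System.out.println(good + "\n");
        // More than one closing tag means the value ended the block early.
        System.out.println("closing tags, unescaped: " + count(bad, "</script>"));
        System.out.println("closing tags, escaped:   " + count(good, "</script>"));
    }
}
```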

              People

              Assignee:
              mark.jin Mark Jin (Inactive)
              Reporter:
              zhao.jin Neil Jin (Inactive)
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0
              Watchers:
              2

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years, 38 weeks, 2 days ago

                  Packages

                  Version Package
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  6.2.0 CE M2