[LPS-26290] XSS Issues in Document Type - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 6.1.0 CE GA1, 6.1.10 EE GA1, 6.2.0 CE M2
Fix Version/s: 6.1.10 EE GA1, 6.1.20 EE GA2, --Sprint 11/12, 6.2.0 CE M2
Component/s: Documents & Media
Labels:
- QA-R
Environment:
Tomcat 7.0 + MySQL 5. 6.1.x EE GIT ID: f42f42b68c5e9d8050118a4a6e08172746ba602a.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: afc7e5200242e4db563be2e32eb2755c3172bc91.

Branch Version/s:

6.1.x
Backported to Branch:

Committed
Added to Fix Pack:

Added
Git Pull Request:
https://github.com/hhuijser/liferay-portal/pull/542

Description

1. Add Documents and Media portlet.
2. Click Manege drop menu.
3. Click Document Types.
4. Fill <script>alert("xss")</script> in name.
5. Click Save.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

XSS_Document Type.jpg
87 kB
26/Mar/12 1:11 AM

Issue Links

relates

LPE-6646 XSS Issues in Document Type

Closed

Activity

People

Assignee:: Mark Jin (Inactive)

Reporter:: Mark Jin (Inactive)

Participants of an Issue:: Edward Gonzales, Mark Jin, Michael Saechang

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Mar/12 1:11 AM

Updated:: 25/Nov/16 3:39 AM

Resolved:: 03/Oct/12 4:53 PM

Days since last comment:: 9 years, 49 weeks, 1 day ago

Packages

Version	Package
6.1.10 EE GA1
6.1.20 EE GA2
--Sprint 11/12
6.2.0 CE M2