PUBLIC - Liferay Portal Community Edition

xss vulnerability in upload_progress_poller

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Resolution: Fixed
  • Affects Version/s: 6.1.0 CE GA1, 6.1.10 EE GA1, 6.2.0 CE M2
  • Fix Version/s: 6.0.X EE, 6.1.1 CE GA2, 6.1.20 EE GA2, --Sprint 11/12, 6.2.0 CE M2
  • Component/s: Security
  • Labels:
  • Environment:
  • Branch Version/s:
    6.1.x, 6.0.x
  • Backported to Branch:
    Committed
  • Fix Priority:
    3
  • Similar Issues:
    Show 4 results 

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Mark Jin added a comment -

Hi Jelmer,

Thank you for your report. I was able to reproduce this issue in our current trunk head. I will update this ticket to reflect this issue.

Thanks.

Show
Mark Jin added a comment - Hi Jelmer, Thank you for your report. I was able to reproduce this issue in our current trunk head. I will update this ticket to reflect this issue. Thanks.
Hide
Permalink
Iliyan Peychev added a comment -

Sent PR to Nate for review:
https://github.com/natecavanaugh/liferay-portal/pull/640

Show
Iliyan Peychev added a comment - Sent PR to Nate for review: https://github.com/natecavanaugh/liferay-portal/pull/640
Hide
Permalink
Mark Jin added a comment -

PASSED Manual Testing following the steps in the description.

Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.10 EE GA1.

Able to see the pop up page.

Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: a7fae664079fadbf1383e1090a858f5b908c4458.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: ec3c3593540c45dc3d2e701eeff1eb2c2912dc58.

Unable to see the pop up page.

Show
Mark Jin added a comment - PASSED Manual Testing following the steps in the description. Reproduced on: Tomcat 7.0 + MySQL 5. Portal 6.1.10 EE GA1. Able to see the pop up page. Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: a7fae664079fadbf1383e1090a858f5b908c4458. Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: ec3c3593540c45dc3d2e701eeff1eb2c2912dc58. Unable to see the pop up page.
Hide
Permalink
Mark Jin added a comment -

PASSED Manual Testing following the steps in the description.

Fixed on:
Tomcat 6.0 + MySQL 5. Portal 6.0.x EE GIT ID: ec5c47db8fc85986edffc6349d1334477b6d6fbd.

Show
Mark Jin added a comment - PASSED Manual Testing following the steps in the description. Fixed on: Tomcat 6.0 + MySQL 5. Portal 6.0.x EE GIT ID: ec5c47db8fc85986edffc6349d1334477b6d6fbd.
Hide
Permalink
Edward Gonzales added a comment -

Slated for inclusion in 6.1.1 CE GA2

Show
Edward Gonzales added a comment - Slated for inclusion in 6.1.1 CE GA2
Hide
Permalink
Samuel Kong added a comment -

Committed on:
Portal 6.1.x CE GIT ID: bc71cd89572ad346d5b5c2a0042b1ef721bd1ee8.

Show
Samuel Kong added a comment - Committed on: Portal 6.1.x CE GIT ID: bc71cd89572ad346d5b5c2a0042b1ef721bd1ee8.

People

Vote (0)
Watch (3)

Dates

  • Created:
    Updated:
    Resolved:
    Days since last comment:
    1 year, 41 weeks, 5 days ago