Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-27280

xss vulnerability in upload_progress_poller

        Details

        • Type: Bug
        • Status: Closed
        • Resolution: Fixed
        • Affects Version/s: 6.1.0 CE GA1, 6.1.10 EE GA1, 6.2.0 CE M2
        • Fix Version/s: 6.0.X EE, 6.1.1 CE GA2, 6.1.20 EE GA2, --Sprint 11/12, 6.2.0 CE M2
        • Component/s: Accessibility, Security Vulnerability
        • Labels:
        • Environment:
        • Branch Version/s:
          6.1.x, 6.0.x
        • Backported to Branch:
          Committed
        • Fix Priority:
          3

          Activity

          Ascending order - Click to sort in descending order
          Hide
          Permalink
          mark.jin Mark Jin (Inactive) added a comment -

          Hi Jelmer,

          Thank you for your report. I was able to reproduce this issue in our current trunk head. I will update this ticket to reflect this issue.

          Thanks.

          Show
          mark.jin Mark Jin (Inactive) added a comment - Hi Jelmer, Thank you for your report. I was able to reproduce this issue in our current trunk head. I will update this ticket to reflect this issue. Thanks.
          Hide
          Permalink
          iliyan.peychev Iliyan Peychev (Inactive) added a comment -

          Sent PR to Nate for review:
          https://github.com/natecavanaugh/liferay-portal/pull/640

          Show
          iliyan.peychev Iliyan Peychev (Inactive) added a comment - Sent PR to Nate for review: https://github.com/natecavanaugh/liferay-portal/pull/640
          Hide
          Permalink
          mark.jin Mark Jin (Inactive) added a comment -

          PASSED Manual Testing following the steps in the description.

          Reproduced on:
          Tomcat 7.0 + MySQL 5. Portal 6.1.10 EE GA1.

          Able to see the pop up page.

          Fixed on:
          Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: a7fae664079fadbf1383e1090a858f5b908c4458.
          Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: ec3c3593540c45dc3d2e701eeff1eb2c2912dc58.

          Unable to see the pop up page.

          Show
          mark.jin Mark Jin (Inactive) added a comment - PASSED Manual Testing following the steps in the description. Reproduced on: Tomcat 7.0 + MySQL 5. Portal 6.1.10 EE GA1. Able to see the pop up page. Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: a7fae664079fadbf1383e1090a858f5b908c4458. Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: ec3c3593540c45dc3d2e701eeff1eb2c2912dc58. Unable to see the pop up page.
          Hide
          Permalink
          mark.jin Mark Jin (Inactive) added a comment -

          PASSED Manual Testing following the steps in the description.

          Fixed on:
          Tomcat 6.0 + MySQL 5. Portal 6.0.x EE GIT ID: ec5c47db8fc85986edffc6349d1334477b6d6fbd.

          Show
          mark.jin Mark Jin (Inactive) added a comment - PASSED Manual Testing following the steps in the description. Fixed on: Tomcat 6.0 + MySQL 5. Portal 6.0.x EE GIT ID: ec5c47db8fc85986edffc6349d1334477b6d6fbd.
          Hide
          Permalink
          edward.gonzales Edward Gonzales (Inactive) added a comment -

          Slated for inclusion in 6.1.1 CE GA2

          Show
          edward.gonzales Edward Gonzales (Inactive) added a comment - Slated for inclusion in 6.1.1 CE GA2
          Hide
          Permalink
          samuel.kong Samuel Kong added a comment -

          Committed on:
          Portal 6.1.x CE GIT ID: bc71cd89572ad346d5b5c2a0042b1ef721bd1ee8.

          Show
          samuel.kong Samuel Kong added a comment - Committed on: Portal 6.1.x CE GIT ID: bc71cd89572ad346d5b5c2a0042b1ef721bd1ee8.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 13 weeks ago

                Development

                  Subcomponents