Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-27994

XSS vulnerability on Document Library Types

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 6.1.0 CE GA1, 6.1.10 EE GA1
    • Labels:
    • Environment:

      Description

      Steps to reproduce:
      Case 1:
      1. Add New Document Type.
      2. Drag Main Metadata Fields, Text and Text Box, Save.
      3. Add a new document using this New Document Type.
      3. Fill out <script>alert("xss")</script> for Text and Text Box field. Save.
      4. Try to click on the document.

      Xss alert will display.
      In this case, text and Text Box have xss problem when creating New Document Type and adding New Data Definition in Dynamic Data List portlet.

      Case 2
      1. Add New Document Type with name "<script>alert("xss")</script>".
      2. Add document with this type.
      Note: Only fill out description with "<script>alert("xss")</script>" won't occur xss alert

      Xss alert will display when try to click on this document.

      Case 3:
      1. Add New Document Type with name "<script>alert("xss")</script>"
      2. Add an Asset Publish portlet.

      Xss alert will occur.

      Case 4.
      1. Add an Asset Publish portlet first.
      2. Add New Document Type with name "<script>alert("xss")</script>"
      3. Try to upload a document with this document type.

      Xss alert will occur.

      Console error:
      05:57:24,407 ERROR [MinifierUtil:109] 1: 10: Unexpected end of file
      05:57:24,408 ERROR [MinifierUtil:109] 1: 0: Compilation produced 1 syntax errors.
      05:57:24,409 ERROR [MinifierUtil:75] JavaScript Minifier failed for
      alert-xss-

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              justin.choi Justin Choi (Inactive)
              Reporter:
              sophia.zhang Sophia Zhang
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years, 3 weeks, 1 day ago

                  Packages

                  Version Package
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  --Sprint 11/12
                  6.2.0 CE M2