  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-28132

Fix view_question.jsp and view_question_results.jspf to prevent XSS in Polls Portlet

    Details

      Description

      Steps to reproduce:

      1st scenario:

      • Go to Control Panel/Polls
      • Add a new Question and paste this "><script>alert(document.cookie);</script>" (with the quotes!) into the DESCRIPTION field
      • Save
      • Click on the Question to open >>> An alert will pop-up

      2nd scenario:

      • Go to Control Panel/Polls
      • Add a new Question and paste this "><script>alert(document.cookie);</script>" (with the quotes!) into one of the CHOICE fields
      • Save
      • Click on the Question to open and vote
      • Open the Question to see the results >>> An alert will pop-up
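
      The two scenarios above as a self-contained regression check, added here as an illustration and not taken from Liferay's source. The markup in `renderQuestion` and `renderResults` and the `escape` helper are assumptions standing in for view_question.jsp, view_question_results.jspf and the portal's own escaping utility.

```java
import java.util.Arrays;
import java.util.List;
// Added illustration, not Liferay source. The markup below and escape() are
// assumptions standing in for the two JSPs and the portal's escaping utility.
public class PollsXssCheck {
    // Payload from the reproduction steps, surrounding quotes included.
    static final String PAYLOAD = "\"><script>alert(document.cookie);</script>\"";

    // Encode the characters significant in element content and quoted attributes.
    static String escape(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // 1st scenario (hypothetical markup): the question view prints the description.
    static String renderQuestion(String description, boolean escaped) {
        String d = escaped ? escape(description) : description;
        return "<div class=\"description\" title=\"" + d + "\">" + d + "</div>";
    }

    // 2nd scenario (hypothetical markup): the results view prints each choice.
    static String renderResults(List<String> choices, boolean escaped) {
        StringBuilder sb = new StringBuilder("<table>");
        for (String c : choices) {
            sb.append("<tr><td>").append(escaped ? escape(c) : c).append("</td></tr>");
        }
        return sb.append("</table>").toString();
    }

    // Regression check: stored text must not reach the page as a script element.
    static boolean hasScriptElement(String html) { return html.toLowerCase().contains("<script"); }

    public static void main(String[] args) {
        for (boolean escaped : new boolean[] {false, true}) {
            System.out.println("escaped=" + escaped
                + " question=" + hasScriptElement(renderQuestion(PAYLOAD, escaped))
                + " results=" + hasScriptElement(renderResults(Arrays.asList("Yes", PAYLOAD), escaped)));
        }
    }
}
```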


              People

              Assignee:
              mark.jin Mark Jin (Inactive)
              Reporter:
              tibor.lipusz Tibor Lipusz
              Participants of an Issue:
              Recent user:
              Esther Sanz

                Dates

                Days since last comment:
                9 years, 5 weeks, 6 days ago

                  Packages

                  Version Package
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  --Sprint 11/12
                  6.2.0 CE M2