PUBLIC - Liferay Portal Community Edition
LPS-28810

XSS issues in plugin installer and software catalog

    Details

      Description

      How to reproduce

      Create 2 framework versions in Software catalog portlet:

      1. Go to Control panel -> Software Catalog (under default liferay.com site)
      2. Under Framework versions add 2 framework versions
        1. First one with name: '"><script>alert('framework-version-name')</script>
        2. Second one with portal version (for 6.1.0 CE = 6.1.0, for 6.0 EE SP 2 = 6.0.12): 6.0.12

      Create a software licence:

      1. Under Licences add a Licence with name: '"><script>alert('licence-name')</script>

      Create a product in Software catalog:

      1. Under Products click Create Product
      2. Javascript alert "licence-name" should appear (EDIT: fixed by LPS-27675)
      3. Create product, these fields are important:
        1. Tags: '"><script>alert('product-tags')</script>
        2. Long Description: '"><script>alert('product-long-desc')</script>
        3. Site Id (Group Id for 6.0 EE): '"><script>alert('product-siteid')</script>
        4. Artifact Id: '"><script>alert('product-artifactid')</script>
      4. Save

      Create product version:

      1. Click on our product to display it
      2. Javascript alert "licence-name" should appear (EDIT: fixed by LPS-27675)
      3. Click Add product version
      4. Javascript alert "framework-version" should appear (EDIT: fixed by LPS-27675)
        1. Inside Change Log paste: '"><script>alert('product-version-changelog')</script>
        2. Select both supported framework versions
        3. Fill other fields and save
      5. Javascript alert "licence-name" should appear (EDIT: fixed by LPS-27675)
      6. Javascript alert "product-version-changelog" should appear (EDIT: fixed by LPS-27675)

      Add new plugins repository:

      1. Go to Control Panel -> Plugins Installation
      2. Click Install More Portlets, Click Configuration
      3. Into Trusted Plugins Repositories add http://localhost:8080/software_catalog and click Save

      Browse Repository (6.1)

      1. Go to Control Panel -> Plugins Installation, Click Install More Portlets
      2. The following JS alerts should appear:
        1. product-tags
        2. product-tags
        3. product-artifactid
        4. product-tags
        5. product-siteid
        6. product-artifactid
      3. Click on the malicious plugin record; the following JS alerts should appear:
        1. framework-version-name
        2. product-long-desc
        3. product-version-changelog

      Browse Repository (6.0 - plugins search doesn't work for me)

      1. Go to Control Panel -> Plugins Installation, Click Install More Portlets
      2. The following JS alerts should appear:
        1. product-tags
        2. product-tags

      Browse Repository (5.2)

      1. Go to Control Panel -> Plugins Installation, Click Install More Portlets
      2. The following JS alerts should appear:
        1. product-tags
        2. product-tags
        3. product-artifactid
        4. product-tags
      3. Click on the malicious plugin record; the following JS alerts should appear:
        1. licence-name
        2. framework-version-name
        3. product-long-desc
        4. product-version-changelog
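      As an added illustration (not Liferay's code and not part of this issue), the Java class below shows the fix the report implies: every catalog field that the plugin installer and software catalog pages render (framework version name, tags, long description, change log) is HTML-escaped at output time, in both attribute and text context, so the '"><script> breakout can no longer produce a script element. The escapeHtml helper and the render methods are hypothetical stand-ins for the portal's own output-escaping utility and JSP markup; the field values are constructed from the payloads listed above.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added example, not Liferay code: output escaping for software-catalog
 * fields that are interpolated into HTML, with a check that the escaped
 * markup no longer contains a script element.
 */
public class CatalogOutputEscaping {

    /** Escape for HTML text content and double-quoted attribute values (hypothetical stand-in for the portal utility). */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Mirrors the vulnerable rendering: the stored value is interpolated raw into an attribute and into text. */
    static String renderUnescaped(String label, String value) {
        return "<input type=\"text\" title=\"" + value + "\" /><p>" + label + ": " + value + "</p>";
    }

    /** Hardened rendering: the same markup, but every untrusted value passes through escapeHtml. */
    static String renderEscaped(String label, String value) {
        String safe = escapeHtml(value);
        return "<input type=\"text\" title=\"" + safe + "\" /><p>" + escapeHtml(label) + ": " + safe + "</p>";
    }

    /** True when the markup contains a literal script start tag (case-insensitive). */
    static boolean containsScriptElement(String html) {
        return html.toLowerCase().contains("<script");
    }

    public static void main(String[] args) {
        // Constructed sample values built from the payloads in the report above.
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("Framework version name", "'\"><script>alert('framework-version-name')</script>");
        fields.put("Tags", "'\"><script>alert('product-tags')</script>");
        fields.put("Long Description", "'\"><script>alert('product-long-desc')</script>");
        fields.put("Change Log", "'\"><script>alert('product-version-changelog')</script>");

        for (Map.Entry<String, String> e : fields.entrySet()) {
            String raw = renderUnescaped(e.getKey(), e.getValue());
            String fixed = renderEscaped(e.getKey(), e.getValue());
            // Expected: true for the raw rendering, false for the escaped one.
            System.out.println(e.getKey() + " unescaped -> script element present: " + containsScriptElement(raw));
            System.out.println(e.getKey() + " escaped   -> script element present: " + containsScriptElement(fixed));
            System.out.println("  " + fixed);
        }
    }
}
```

      Escaping belongs at the point of output rather than on input, because the same stored value is rendered in several places (the catalog list, the product detail page, and the remote plugin installer that consumes the catalog feed), each of which must encode for its own context. HTML escaping as shown covers element text and quoted attributes; a value written into a JavaScript string literal or a URL needs the encoding for that context instead, which is a check worth making when reviewing every place these fields appear.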

              People

              Assignee:
              christine.pince Christine Pince (Inactive)
              Reporter:
              tomas.polesovsky Tomáš Polešovský

                  Packages

                  Version Package
                  6.0.X EE
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  --Sprint 11/12
                  6.2.0 CE M2