      Description

      REPRODUCTION STEPS: (6.0.x Community equals 6.1.x and trunk sites)
      1. Create a Community and set its type to restricted.
      2. Add portlet "My Communities" on a page.
      3. Log in with a different user, who is not a member of the created community.
      4. On the "My Communities" portlet change to tab "Available Communities".
      5. Search for the created community and click on "Request Membership".
      6. Type the following into comment field: <script>alert('XSS');</script>
      7. Log out and log in as the owner or admin of the community.
      8. Go to "My Communities" Portlet and select "View Membership Request" from the Actions menu.

      I also reproduced the same behaviour with the "Reply Comments" textbox.

              People

              Assignee:
              pani.gui Pani Gui (Inactive)
              Reporter:
              kalman.vincze Kalman Vincze (Inactive)
              Recent user:
              Marta Elicegui

                Dates

                Days since last comment:
                8 years, 14 weeks, 6 days ago

                  Packages

                  Version Package
                  6.0.X EE
                  6.1.30 EE GA3
                  6.2.0 CE M2