Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-30940

cdn_host parameter allows JS injection (XSS)

    Details

      Description

      www.liferay.com POC:
      http://www.liferay.com/?cdn_host=http%3A%2F%2Fwww.ocf.berkeley.edu%2F~samkong%2Ftemp%2Fliferay_cdn_host

      The "cdn_host" URL parameter allows anyone to modify the CDN. Since JavaScript files are served by the CDN, an
      attacker can setup a fake CDN host and serve up malicious JavaScript.

      Same attack can also allow an attacker to modify any CSS or images served by the CDN

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              luyang.tan Luyang Tan (Inactive)
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                8 years, 7 weeks, 5 days ago

                  Packages

                  Version Package
                  6.1.2 CE GA3
                  6.1.30 EE GA3
                  6.2.0 CE M2