Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-30940

cdn_host parameter allows JS injection (XSS)

    Details

      Description

      www.liferay.com POC:
      http://www.liferay.com/?cdn_host=http%3A%2F%2Fwww.ocf.berkeley.edu%2F~samkong%2Ftemp%2Fliferay_cdn_host

      The "cdn_host" URL parameter allows anyone to modify the CDN. Since JavaScript files are served by the CDN, an
      attacker can setup a fake CDN host and serve up malicious JavaScript.

      Same attack can also allow an attacker to modify any CSS or images served by the CDN

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  6 years, 40 weeks, 6 days ago

                  Packages

                  Version Package
                  6.1.2 CE GA3
                  6.1.30 EE GA3
                  6.2.0 CE M2