Details

Description

We had a security scan done on our application by the security team, and there were a few XSS issues caused in Liferay's top_js.jspf.
The tool was able to insert scripts into the files top_js.jspf and navigation.vm shown below. Also, we have created our own theme using the SDK.
I am using Liferay Portal Community Edition 6.1.0 CE (Paton / Build 6100 / December 15, 2011).

top_js.jspf

1. getURLHome: function() { return "http://<script>alert(document.domain)</script>/web/..."; }

2. Liferay.AUI = { getBaseURL: function() { return 'http://<script>alert(document.domain)</script>/html/js/aui/'; }

navigation.vm file

3. <a href="http://<script>alert(document.domain)</script>/web/ ........

I don't have any information about how the tool used by the security team was able to insert inline scripts.
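The report does not say where the injected host name came from. The following added example (hypothetical code, not Liferay's own) assumes the base URL in the emitted JavaScript is built from a request-supplied host and shows the defensive check a reviewer would want in such a template: accept only a syntactically valid host name, fall back to the configured portal host otherwise, and escape the value before placing it inside a JavaScript string literal. All class, method and host names are assumptions.

```java
import java.util.regex.Pattern;

/** Hypothetical helper for building the base URL emitted into page JavaScript. */
public final class PortalBaseUrl {

    // RFC 1123 host name with optional port. Characters such as '<', '>', quotes and
    // slashes never match, so a payload like the one in the report is rejected outright.
    private static final Pattern HOSTNAME = Pattern.compile(
        "^(?=.{1,253}$)(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\\.)*"
        + "[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?::\\d{1,5})?$");

    private PortalBaseUrl() {}

    /** Returns the request host only if it is a well-formed host name, else the configured one. */
    public static String trustedHost(String requestHost, String configuredHost) {
        if (requestHost != null && HOSTNAME.matcher(requestHost).matches()) {
            return requestHost;
        }
        return configuredHost;
    }

    /** Escapes a value for a JavaScript string literal; '<' and '>' are hex-escaped so the
     *  browser's HTML parser cannot see a closing script tag inside the string. */
    public static String escapeJs(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 8);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\"); break;
                case '\'': sb.append("\\'");  break;
                case '"':  sb.append("\\\""); break;
                case '<':  sb.append("\\x3c"); break;
                case '>':  sb.append("\\x3e"); break;
                case '\n': sb.append("\\n");  break;
                case '\r': sb.append("\\r");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the single-quoted JS literal that a template like top_js.jspf would emit. */
    public static String baseUrlJsLiteral(String requestHost, String configuredHost, String path) {
        String host = trustedHost(requestHost, configuredHost);
        return "'http://" + escapeJs(host) + escapeJs(path) + "'";
    }

    public static void main(String[] args) {
        String injected = "<script>alert(document.domain)</script>"; // constructed, mirrors the report
        System.out.println(baseUrlJsLiteral(injected, "portal.example.com", "/html/js/aui/"));
        System.out.println(baseUrlJsLiteral("www.example.com:8080", "portal.example.com", "/web/guest"));
    }
}
```

Validation is the primary control; the escaping is a second layer so that even a host that slips through cannot break out of the string or the surrounding script element.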

Packages

Version Package: 6.2.0 CE M5