- Type: Regression Bug
- Status: Closed
- Resolution: Won't Fix
- Affects Version/s: 6.1.20 EE GA2, 6.1.30 EE GA3, 6.1.X EE, 6.2.0 CE B1
- Fix Version/s: 6.1.30 EE GA3, 6.1.X EE, 6.2.0 CE B1
- Component/s: Security Vulnerability
- Labels: None
- Environment: Tomcat 7.0 + MySQL 5. Portal ee-6.1.30 GIT ID: 4fdea5cc6c0b1f13c4b0ea4d0a054d56d6e87576.
Plugins ee-6.1.20 EE GIT ID: d9183a6a508a9bcd04a129577e31c0ed3a46c072.
Tomcat 7 + MySQL 5. Portal 6.1.x GIT ID: 81bf916b461b5475b17faf4c56660632c79b696a.
Plugins 6.1.x EE GIT ID: 89404a9eea98da85203caae4a4b2745e2970a26b
Tomcat 7 + MySQL 5. Portal 6.2.x GIT ID: 9ec2631b9cd9c9e1cfc57db16c454be2a52e52de.
Plugins 6.2.x GIT ID: c80ead5aa19e422b4a600e4a9017190ff4e9c659.
Steps to reproduce:
1. Deploy antisamy-hook portlet.
2. Add blogs portlet, click add blog entry, fill
<p>This is an xss test</p>
<script>alert("Variant 0. This is an xss test");</script>
<p>Did it work?</p>
to content, click save.
Expected result:
Assert that 'Variant 0. This is an xss test' displays in a pop-up.
Actual result:
No pop-up message.
Discovered with testing, step 7:
https://github.com/liferay/liferay-qa-ee/tree/master/liferay-portal/6.1.x/rss/6.1 - LP - RSS - XSS.markdown