Details

    • Bug
    • Status: Closed
    • Resolution: Fixed
    • 6.1.30 EE GA3, 6.1.X EE, 6.2.0 CE B1
    • 6.1.X EE, 6.2.0 CE B2
    • Security Vulnerability

    Description

      1. Finish LPS-37747 steps.
        1. Go to Control Panel/Wiki.
        2. Click Add Wiki button.
        3. Fill title: <script>alert("xss")</script>.
        4. Save
      2. Checkpoint: You should not see the XSS.
      3. Back to liferay.com.
      4. Add wiki portlet to new page.

      Expected result:
      Users should see the wiki portlet without any XSS.

      Actual result:
      XSS appear.

      Attachments

        Issue Links

          Activity

            People

              mark.jin Mark Jin (Inactive)
              mark.jin Mark Jin (Inactive)
              Marta Elicegui Marta Elicegui
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9 years, 6 weeks, 4 days ago

                Packages

                  Version Package
                  6.1.X EE
                  6.2.0 CE B2