PUBLIC - Liferay Portal Community Edition / LPS-41581

Wiki XSS scripting issue with html text-type

      Description

      Via the wiki portlet, one can input script via HTML text-type when editing or adding a wiki entry. After the input, the JavaScript will be run if a user clicks on the link created from the HTML text-type.

      Steps to Reproduce

      1) Create or edit a wiki post.
      2) Go to "source" view.
      3) Add the following line in "HTML" format:
      <a href="javascript:alert(3002)">link here</a></p>
      4) Click publish.
      5) Notice the displayed link, and click on it.
      6) You receive a popup that says "3002."
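
A server-side check that would strip the link target from step 3 before the page is stored or rendered, given here as an added example; it is not Liferay's code or the fix applied for this issue. The scheme allow-list and all function and class names are assumptions, and the code covers only the scheme of `href`/`src` values, not full HTML sanitization.

```python
import html
import re
from html.parser import HTMLParser

# Assumption: the only absolute-URL schemes a wiki page needs.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
URL_ATTRS = {"href", "src"}


def is_safe_url(value):
    """Allow relative URLs and absolute URLs whose scheme is on the allow-list."""
    # Browsers ignore tabs/newlines and leading control characters or spaces
    # when they parse a URL, so normalise the same way before checking.
    cleaned = re.sub(r"[\t\n\r]", "", value)
    cleaned = re.sub(r"^[\x00-\x20]+", "", cleaned)
    scheme = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    if scheme is None:
        return True  # no scheme: relative link such as /wiki/FrontPage
    return scheme.group(1).lower() in ALLOWED_SCHEMES


class WikiLinkSanitizer(HTMLParser):
    """Re-emits markup, dropping URL attributes with a disallowed scheme."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            # HTMLParser has already decoded character references in value.
            if name in URL_ATTRS and not is_safe_url(value or ""):
                continue
            parts.append(name if value is None else f'{name}="{html.escape(value)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def sanitize(markup):
    parser = WikiLinkSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Because the check is an allow-list on the decoded scheme, the anchor text survives while the `javascript:` target is removed, and ordinary `http`, `https` and relative links pass through unchanged.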

            People

            • Assignee: Samuel Kong (samuel.kong)
            • Reporter: Ira Chui (ira.chui)
            • Recent user: Esther Sanz
            • Votes: 0
            • Watchers: 1

              Dates

              • Created:
              • Updated:
              • Resolved:
              • Days since last comment: 5 years, 51 weeks, 6 days ago

                Packages

                Version Package
                6.1.20 EE GA2