Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 6.1.X EE, 6.2.0 CE RC6
    • Fix Version/s: 6.1.X EE, 6.2.0 CE GA1
    • Component/s: Security Vulnerability
    • Labels:
    • Environment:
      Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 4c90c285c9daf7220740d8f10a871206fb5d370d.
      Tomcat 7.0 + MySQL 5. Portal master GIT ID: 3da3d2997afa1a1b2d355437307e3dcfd66ca9df.

      Description

      Steps to reproduce:

      1. Go to Control Panel > Server Administration > Log Levels.
      2. Click Add Category.
      3. Paste the following script in the field.
      <Script Language="JavaScript"> alert("hello word!"); </Script>
      4. Save.
      5. Click Update Categories.

      Expected result:
      The alert window should not pop up.

      Actual result:
      An alert window pops up.


      CVSS Base Score: 8.5
      CVSS Temporal Score: 6.7
      CVSS Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C/E:P/RL:OF/RC:C)
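
      The report shows a category name saved in step 3 being rendered back as markup. The following is an added example, not Liferay's code and not the fix applied for this issue: it rejects names that are not logger categories on save and encodes the name on output. The class and method names are hypothetical, and the rule that a category is a dot-separated Java identifier is an assumption.

```java
import java.util.regex.Pattern;

public class LogCategoryRendering {
    // Assumption: a logger category is a dot-separated Java identifier
    // (package or class name); anything else is rejected on save.
    private static final Pattern CATEGORY = Pattern.compile(
        "[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*");

    static boolean isValidCategory(String name) {
        return name != null && CATEGORY.matcher(name).matches();
    }

    // Minimal HTML escaper for element content and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Behaviour the report describes: the stored name reaches the page as markup.
    static String renderRowUnescaped(String category) {
        return "<tr><td>" + category + "</td></tr>";
    }

    // Hardened form: the name is encoded at the point of output.
    static String renderRowEscaped(String category) {
        return "<tr><td>" + escapeHtml(category) + "</td></tr>";
    }

    public static void main(String[] args) {
        // First sample is the input from step 3; the second is a constructed valid name.
        String[] samples = {
            "<Script Language=\"JavaScript\"> alert(\"hello word!\"); </Script>",
            "com.example.portal.Sample"
        };
        for (String s : samples) {
            System.out.println("accepted on save: " + isValidCategory(s));
            System.out.println("unescaped: " + renderRowUnescaped(s));
            System.out.println("escaped:   " + renderRowEscaped(s));
        }
    }
}
```

      Output encoding is the control that closes the issue; the save-time check only narrows what can be stored and does not replace it.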
      

              People

              • Assignee:
                hong.zhao Hong Zhao
                Reporter:
                pani.gui Pani Gui (Inactive)
                Participants of an Issue:
                Recent user:
                Esther Sanz

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  4 years, 40 weeks, 3 days ago

                  Packages

                  Version Package
                  6.1.X EE
                  6.2.0 CE GA1