Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-42750

XSS issue in Mobile Device Rules.

    XMLWordPrintable

Details

    Description

      Case 1 (on site edit menu)

      1. Edit Page ->Mobile Device Rules.
      2. Define specific mobile device rules for this page.
      3. Select Device Family -> Add a Device Family with <script>alert("123");</script> in Name or Description.
      4. Save and Choose the newly created Device Family.
      5. Open the Edit menu

      Case 2 (site administration)

      1. Click Admin -> Pages -> Mobile Device Rules.
      2. Select Device Family -> Add a Device Family with <script>alert("123");</script> in Name or Description.
      3. Save and Choose the newly created Device Family.
      4. Select the Public Pages or the Welcome page (whichever page you set the mobile device)

      Case 3 (my pages administration)

      1. Click Test -> My account -> My pages.
      2. Select Device Family -> Add a Device Family with <script>alert("123");</script> in Name or Description.
      3. Save and Choose the newly created Device Family.
      4. Select the My Profile or the Welcome page (whichever page you set the mobile device)

      Case 4

      1. Go to Control Panel -> Roles -> Administrator -> Action -> View Users.
      2. Click action button -> Click Manage Pages.
      3. Select Device Family -> Add a Device Family with <script>alert("123");</script> in Name or Description.
      4. Save and Choose the newly created Device Family.

      Expected result:
      There should be no JS alert shows up.

      Actual result:
      An alert window appears when the Edit page menu is expanded or when the page is selected. The following errors appear in the console:

      21:32:21,610 ERROR [http-bio-8080-exec-4][IncludeTag:129] Current URL /group/control_panel/manage?p_p_auth=U8Mbo9ls&p_p_id=156&p_p_lifecycle=2&p_p_state=maximized&p_p_mode=view&p_p_cacheability=cacheL
evelPage&doAsGroupId=10204&refererPlid=10444&controlPanelCategory=current_site.pages&_156_treeId=layoutsTree&_156_groupId=10204&_156_tabs1=public-pages&_156_viewLayout=true&_156_struts_action=%2Fgroup
_pages%2Fedit_layouts&_156_selPlid=0&_156_historyKey= generates exception: null
java.lang.NullPointerException
        at org.apache.jsp.html.portlet.layouts_005fadmin.layout.mobile_005fdevice_005frules_005frule_005fgroup_005finstance_005faction_jsp._jspService(mobile_005fdevice_005frules_005frule_005fgroup_00
5finstance_005faction_jsp.java:754)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
        at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:57)
        at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:78)
        at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
        at com.liferay.portal.kernel.dao.search.JSPSearchEntry.print(JSPSearchEntry.java:64)
        at org.apache.jsp.html.taglib.ui.search_005fiterator.page_jsp._jspService(page_jsp.java:1069)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
        at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:57)
        at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:78)
        at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
        at com.liferay.taglib.util.IncludeTag.include(IncludeTag.java:295)
        at com.liferay.taglib.util.IncludeTag.doInclude(IncludeTag.java:192)
        at com.liferay.taglib.util.IncludeTag.doEndTag(IncludeTag.java:83)
        at org.apache.jsp.html.portlet.layouts_005fadmin.layout_005fset.mobile_005fdevice_005frules_jsp._jspx_meth_liferay_002dui_005fsearch_002diterator_005f0(mobile_005fdevice_005frules_jsp.java:191
2)
        at org.apache.jsp.html.portlet.layouts_005fadmin.layout_005fset.mobile_005fdevice_005frules_jsp._jspService(mobile_005fdevice_005frules_jsp.java:1471)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

      Attachments

        Issue Links

          relates

          Regression Bug - Used by Liferay QA to indicate an issue discovered during regression testing LPE-13406 XSS issue in Mobile Device Rules.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              he.song Serena Song (Inactive)
              he.song Serena Song (Inactive)
              Rafaela Nascimento Rafaela Nascimento
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                8 years, 51 weeks, 3 days ago

                Packages

                  Version Package
                  6.2.3 CE GA4
                  6.2.X EE
                  7.0.0 M1