- Type: Regression Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 6.2.0 CE GA1, 7.0.0 M3
- Fix Version/s: 6.2.3 CE GA4, 6.2.X EE, 7.0.0 M1
- Component/s: Security Vulnerability, ~ [Archived] Frontend Infrastructure
- Environment: Tomcat 7.0.42 + MySQL 5.5.34. Portal master GIT ID: 9cc4997fe5920c162862c06686b88dd9549af70f.
- Branch Version/s: 6.2.x
- Backported to Branch: Committed
- Story Points: 5
- Fix Priority: 4
- Git Pull Request:

- Create a Site named <script>alert("123");</script>.
- Give a page to the site.
- View the page -> Admin -> control panel.
Expected result:
No JS alert should show up.
Actual result:
A JS alert window shows up.
CVSS Base Score: 7.1
CVSS Temporal Score: 5.6
CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C/E:P/RL:OF/RC:C)