  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-56000

XSS in DDL (i.e. To Do List Spreadsheet View)


    Description

      1. Create a data definition, select "to DO " in the Data Definition (Required) field and click "SAVE".
      2. Go to Actions and open Spreadsheet view; a screen with an Excel-like view opens.
      3. Click on Assigned To and give the payload as "><img src=x onerror=alert('XSS');> and the XSS executes. It seems to be persistent and most dangerous, as it keeps on executing as and when I go to that DDL post.
      4. Drop the portlet on the page with the corresponding XSS DDL, and the XSS executes in the page.

          People

            samuel.kong Samuel Kong
            vikas.ch Vikas Chopalli (Inactive)
            Kiyoshi Lee Kiyoshi Lee

            Dates

              Created:
              Updated:
              Resolved:
              7 years, 17 weeks, 3 days ago

              Packages

                Version Package
                6.2.3 CE GA4
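
The mitigation for the stored value described in the report, as an added example that is not part of the original issue and is not Liferay's code: the record value is HTML-encoded at the point where it is written into the cell markup. The function names, the cell markup and the assumption that the value lands inside a quoted attribute are hypothetical; the payload is the one quoted in the report.

```javascript
// Added example: encoding a stored DDL record value before it is written
// into spreadsheet-cell markup. All names are hypothetical, not Liferay's.

// Constructed sample record holding the payload quoted in the report.
const record = { assignedTo: `"><img src=x onerror=alert('XSS');>` };

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before" form: the stored value is concatenated into the markup as-is,
// so the leading "> closes the attribute and the tag (assumed context).
function renderCellUnsafe(name, value) {
  return `<td><input name="${name}" value="${value}"></td>`;
}

// Hardened form: both interpolated values are encoded for HTML output.
function renderCellSafe(name, value) {
  return `<td><input name="${escapeHtml(name)}" value="${escapeHtml(value)}"></td>`;
}

// Review aid: list the element names an HTML parser would open in the markup.
function openedTags(markup) {
  return [...markup.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// The unsafe rendering gains an extra img element; the safe one does not.
console.log(openedTags(renderCellUnsafe('assignedTo', record.assignedTo)));
console.log(openedTags(renderCellSafe('assignedTo', record.assignedTo)));
```

Encoding on output leaves the stored record unchanged, so the same value must be encoded in every view that renders it, including the portlet display mentioned in step 4.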