  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-56000

XSS in DDL (i.e., To Do List Spreadsheet View)

    Details

    • Fix Priority:
      3

      Description

      1. Create a data definition, select "To Do" in the Data Definition (Required) field, and click "SAVE".
      2. Go to Actions and open Spreadsheet view; a screen with an Excel-like view opens.
      3. Click on Assigned To and give the payload as "><img src=x onerror=alert('XSS');> and the XSS executes. It seems to be persistent and most dangerous, as it keeps on executing as and when I go to that DDL post.
      4. Drop the portlet on the page with the corresponding XSS DDL, and the XSS executes in the page.

            People

            • Assignee:
              samuel.kong Samuel Kong
              Reporter:
              vikas.ch Vikas Chopalli
              Participants of an Issue:
              Recent user:
              Esther Sanz

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 33 weeks, 3 days ago

                Packages

                Version Package
                6.2.3 CE GA4
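
The stored-value behaviour described in steps 3 and 4, shown as an added example that is not part of the original report and not Liferay's code. It assumes the spreadsheet cell value is concatenated into a quoted HTML attribute (the report does not show the markup), and every function name is hypothetical; the payload is the one from step 3.

```javascript
// Added illustration, not Liferay code. All function names are hypothetical.
// Payload exactly as given in step 3 of the report.
const PAYLOAD = "\"><img src=x onerror=alert('XSS');>";

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can end an attribute value or start a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed vulnerable pattern: stored cell value concatenated into an attribute.
function renderCellUnsafe(value) {
  return '<td><input type="text" value="' + value + '"></td>';
}

// Same markup with the stored value encoded at output time.
function renderCellSafe(value) {
  return '<td><input type="text" value="' + escapeHtml(value) + '"></td>';
}

// Simplified tag scanner (not a full HTML parser): lists the start tags in
// the markup, treating quoted attribute values as opaque.
function listStartTags(markup) {
  const tags = [];
  let i = 0;
  while (i < markup.length) {
    if (markup[i] !== '<' || !/[A-Za-z]/.test(markup[i + 1] || '')) { i++; continue; }
    let j = i + 1;
    while (j < markup.length && /[A-Za-z0-9]/.test(markup[j])) j++;
    tags.push(markup.slice(i + 1, j).toLowerCase());
    let quote = null;
    for (; j < markup.length; j++) {
      const ch = markup[j];
      if (quote) { if (ch === quote) quote = null; }
      else if ((ch === '"' || ch === "'") && markup[j - 1] === '=') quote = ch;
      else if (ch === '>') break;
    }
    i = j + 1;
  }
  return tags;
}

console.log(listStartTags(renderCellUnsafe(PAYLOAD))); // [ 'td', 'input', 'img' ]
console.log(listStartTags(renderCellSafe(PAYLOAD)));   // [ 'td', 'input' ]
```

Because the value is stored, the encoding has to happen at every place it is rendered, which matches the report's observation that both the spreadsheet view and the page with the portlet are affected.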