Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-56332

XSS issue in the list view interface in Web content portlet.

    Details

      Description

      1. Navigate to Control Panel > Site Administration > Web Content.
      2. Set the view to List.
      3. Create a Web Content article with the title: "><script>alert('Title1')</script>
      4. Publish the article.

      Expected Result:
      No XSS pop-up will appear.
      Actual Result:
      XSS pop-up appears.

        Attachments

        1. fixed.png
          fixed.png
          27 kB
        2. reproduced.png
          reproduced.png
          142 kB

          Issue Links

            Activity

              People

              Assignee:
              hong.zhao Hong Zhao (Inactive)
              Reporter:
              hai.yu Hai Yu
              Participants of an Issue:
              Recent user:
              Marta Elicegui
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 13 weeks, 3 days ago

                  Packages

                  Version Package
                  6.2.4 CE GA5
                  6.2.X EE