  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-59950

XSS vulnerability in search container (in header)

    Details

    • Story Points:
      12

      Description

      Steps to reproduce:
      1. Go to Control Panel
      2. Select Users & Organizations
      3. In the URL address window, go to the end, add the XSS code below and press Enter
      &692d3"><x%20style%3dx%3aexpression(open(alert(1)))>13b6a
      4. Right-click on the page and click on "View Source". You will find the unescaped JavaScript code below
      <x style=x:expression(open(alert(1)))>

      Also seeing the errors below in the console logs
      15:51:29,707 INFO [STDOUT] 15:51:29,703 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:101] 34: 39: syntax error
      15:51:29,727 INFO [STDOUT] 15:51:29,727 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:101] 56: 43: syntax error
      15:51:29,728 INFO [STDOUT] 15:51:29,728 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:101] 78: 39: syntax error
      15:51:29,729 INFO [STDOUT] 15:51:29,729 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:101] 100: 43: syntax error
      15:51:29,730 INFO [STDOUT] 15:51:29,729 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:101] 122: 39: syntax error
      15:51:29,730 INFO [STDOUT] 15:51:29,730 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:101] 144: 43: syntax error
      15:51:29,732 INFO [STDOUT] 15:51:29,732 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:101] 1: 0: Compilation produced 6 syntax errors.
      15:51:29,736 INFO [STDOUT] 15:51:29,736 ERROR [http-localhost%2F127.0.0.1-8080-9][MinifierUtil:79] JavaScript Minifier failed for

      // <![CDATA[

      Liferay.Portlet.onLoad(

      { canEditTitle: true, columnPos: 0, isStatic: 'end', namespacedId: 'p_p_id_160_', portletId: '160', refreshURL: '\x2fc\x2fportal\x2frender_portlet\x3fp_l_id\x3d10175\x26p_p_id\x3d160\x26p_p_lifecycle\x3d0\x26doAsGroupId\x3d17814\x26refererPlid\x3d17847\x26p_t_lifecycle\x3d0\x26p_p_state\x3dnormal\x26p_p_mode\x3dview\x26p_p_col_id\x3d\x26p_p_col_pos\x3d0\x26p_p_col_count\x3d0\x26p_p_isolated\x3d1\x26currentURL\x3d\x252Fgroup\x252Fcontrol_panel\x252Fmanage\x253Fp_p_id\x253D125\x2526p_p_lifecycle\x253D0\x2526p_p_state\x253Dmaximized\x2526p_p_mode\x253Dview\x2526doAsGroupId\x253D17814\x2526refererPlid\x253D17847\x2526692d3\x2522\x253E\x253Cx\x252520style\x25253dx\x25253aexpression\x2528open\x2528alert\x25281\x2529\x2529\x2529\x253E13b6a' }

      );
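
The reflection from steps 3 and 4, as an added example that is not part of the original report and is not Liferay's code: a hypothetical header cell writes the decoded URL into an `href` with and without attribute encoding, and an HTML parse shows whether the reported string creates a new element. The base URL, the `orderByCol` link, the assumption that the server percent-decodes the URL before reflecting it, and all function names are illustrative.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Suffix from step 3 of the report, as typed into the address bar.
REPORTED_SUFFIX = '&692d3"><x%20style%3dx%3aexpression(open(alert(1)))>13b6a'
# Constructed base URL (assumption; not taken from the report).
BASE_URL = "/group/control_panel/manage?p_p_id=125"

def reflected_url() -> str:
    """URL after the server has percent-decoded it (assumed behaviour)."""
    return unquote(BASE_URL + REPORTED_SUFFIX)

def render_unescaped(current_url: str) -> str:
    """Hypothetical header cell: URL concatenated into href as-is."""
    return '<th><a href="' + current_url + '&orderByCol=name">Name</a></th>'

def render_escaped(current_url: str) -> str:
    """Same cell with the URL encoded for a quoted attribute value."""
    href = html.escape(current_url + "&orderByCol=name", quote=True)
    return '<th><a href="' + href + '">Name</a></th>'

class _Tags(HTMLParser):
    """Collects every start tag and its attributes."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, dict(attrs)))

def parse_tags(markup: str) -> list:
    """Every start tag an HTML parser finds, with its attributes."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.seen

def injected_tags(markup: str, template_tags=("th", "a")) -> list:
    """Start tags that the template itself never emits."""
    return [t for t in parse_tags(markup) if t[0] not in template_tags]

if __name__ == "__main__":
    url = reflected_url()
    print("unescaped:", injected_tags(render_unescaped(url)))
    print("escaped:  ", injected_tags(render_escaped(url)))
```

The same `injected_tags` check can serve as a regression test against rendered page output once the header markup is encoded.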

            People

            Assignee:
            hong.zhao Hong Zhao
            Reporter:
            ravikuwi Ravi Gurram
            Participants of an Issue:
            Recent user:
            Esther Sanz

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              5 years ago

                Packages

                Version Package
                6.1.X EE
                6.2.X EE
                7.0.0 Alpha 2