Details

      Description

      Steps to reproduce:
      1. Add the following to portal-ext.properties:

      login.create.account.allow.custom.password=true
      

      2. Start the portal
      3. Click on "Create Account"
      4. Fill out all fields for the new account, and set the following password:

      <script>alert('XSS')</script>
      

      5. Save the account

      Expected Result: The account is created and the script is not executed.
      Actual Result: You will get a popup with the "XSS" message, which means that the script ran.
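
The report does not say where the portal writes the submitted value back into a page. Assuming it is echoed into HTML element content, this added example (not Liferay code; the class, method and CSS names are hypothetical) contrasts unencoded output with output encoded at the point of rendering, using the value from step 4.

```java
public class AccountFieldEncodingExample {

    // Minimal HTML encoder for element-content and quoted-attribute contexts.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // "Before": the submitted value is concatenated into markup unchanged.
    static String renderUnsafe(String value) {
        return "<span class=\"field-value\">" + value + "</span>";
    }

    // "After": the same markup with the value encoded at the point of output.
    static String renderSafe(String value) {
        return "<span class=\"field-value\">" + escapeHtml(value) + "</span>";
    }

    // Regression check: no markup delimiter from the input survives inside the span.
    static boolean isInert(String html) {
        String body = html.substring(html.indexOf('>') + 1, html.lastIndexOf("</span>"));
        return !body.contains("<") && !body.contains(">");
    }

    public static void main(String[] args) {
        String[] samples = {
            "<script>alert('XSS')</script>", // password value from step 4
            "Tr1cky&\"pass<word>"            // constructed: legitimate password with special characters
        };
        for (String s : samples) {
            System.out.println("unsafe inert=" + isInert(renderUnsafe(s)) + "  " + renderUnsafe(s));
            System.out.println("safe   inert=" + isInert(renderSafe(s)) + "  " + renderSafe(s));
        }
    }
}
```

Encoding at output leaves the stored password unchanged, so passwords containing `<`, `&` or quotes remain valid credentials.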

       


            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              ugurcan.cetin Uğurcan Çetin (Inactive)
              Participants of an Issue:
              Recent user:
              Uğurcan Çetin (Inactive)

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                2 years, 17 weeks, 5 days ago
