Details

      Description

      Steps to reproduce:
      1. Add the following to portal-ext.properties:

      login.create.account.allow.custom.password=true
      

      2. Start the portal
      3. Click on "Create Account"
      4. Fill out all fields for the new account, and set the following password:

      <script>alert('XSS')</script>
      

      5. Save the account

      Expected Result: The account is created, script is not executed.
      Actual Result: You will get a popup with an "XSS" message, which means that the script ran.
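      A regression check for the expected result above, as an added example that is not part of the ticket or of Liferay's code: it classifies how the step 4 password value appears in a returned page. The three response fragments are constructed assumptions, since the ticket does not show where the value is rendered.

```python
import html
from html.parser import HTMLParser

PAYLOAD = "<script>alert('XSS')</script>"  # password value from step 4

class ScriptBodies(HTMLParser):
    """Collects the text of every <script> element the parser actually opens."""
    def __init__(self):
        super().__init__()
        self.bodies, self._buf, self._open = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open, self._buf = True, []

    def handle_data(self, data):
        if self._open:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._open:
            self.bodies.append("".join(self._buf).strip())
            self._open = False

def script_bodies(markup):
    parser = ScriptBodies()
    parser.feed(markup)
    parser.close()
    return parser.bodies

def classify_reflection(page, payload=PAYLOAD):
    """Return 'executes', 'raw', 'escaped' or 'absent' for payload in page."""
    wanted = script_bodies(payload)
    if any(body in script_bodies(page) for body in wanted):
        return "executes"   # payload became a real <script> element
    if payload in page:
        return "raw"        # unencoded, but not parsed as a script element here
    if payload in html.unescape(page):
        return "escaped"    # entity-encoded, rendered as plain text
    return "absent"

# Constructed response fragments (assumptions, not taken from the portal).
VULNERABLE = "<div class=\"alert\">Password: <script>alert('XSS')</script></div>"
ENCODED = ("<div class=\"alert\">Password: "
           "&lt;script&gt;alert(&#39;XSS&#39;)&lt;/script&gt;</div>")
IN_ATTRIBUTE = "<input type=\"password\" value=\"<script>alert('XSS')</script>\">"
```

      Only "escaped" or "absent" matches the expected result; "raw" means the value was written without output encoding even though this particular context did not run it.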

       

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            ugurcan.cetin Uğurcan Çetin (Inactive)

              Dates

              Days since last comment:
              3 years, 19 weeks, 1 day ago
