Project: PUBLIC - Liferay Portal Community Edition
Issue: LPS-79751

Site Pages are not properly sanitized from XSS attacks in context of custom Navigation Menus

      Description:
      Site Pages can currently be created with any name, as long as it is not null. Although there is some protection that stops such a name from executing when the page itself loads, it can still execute in the context of navigation menus: when the sidebar renders its link to a Site Page together with the page's name, the name is not properly sanitized, so if the Site Page name is a script, the script runs.

      Although it is unclear how dangerous this interaction is, it is worth removing it so that it cannot become a security risk.

      Steps to Reproduce:

      1. Add a Site Page whose name is a script inside <script> </script> tags
        (e.g.: <script> x = document.cookie; alert; </script>)
      2. Go to Site Administration > Navigation > Navigation Menus
      3. Navigate into the Default Navigation Menu
      4. Add the Site Page with the scripted name to the custom navigation menu multiple times
      5. Click on the Site Page with the scripted name.

      Expected Result
      The script is not executed.

      Actual Result
      The script is executed.
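      The defect described above is output encoding that is missing where the navigation menu renders a page name. The following is an added example, not Liferay code, that renders a menu from untrusted Site Page names first the vulnerable way (string concatenation) and then with HTML entity escaping applied at output time; the helper names, the page objects and the sample menu are constructed for illustration.

```javascript
// Added example (not from the Liferay code base): rendering a navigation
// menu from untrusted Site Page names, unescaped versus escaped at output.

// Escape the characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering: the page name is concatenated straight into markup,
// so a name containing <script> becomes a real script element.
function renderMenuUnsafe(pages) {
  return pages.map((p) => `<li><a href="${p.url}">${p.name}</a></li>`).join("");
}

// Hardened rendering: every untrusted field is escaped for the context it
// lands in (attribute value for the href, text content for the name).
function renderMenuSafe(pages) {
  return pages
    .map((p) => `<li><a href="${escapeHtml(p.url)}">${escapeHtml(p.name)}</a></li>`)
    .join("");
}

// Detection helper for the demonstration: does the markup contain a script
// element that the browser would execute?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample menu: one benign page and one page named with the
// script from the report's reproduction steps.
const SAMPLE_PAGES = [
  { name: "Home", url: "/web/guest/home" },
  { name: "<script> x = document.cookie; alert; </script>", url: "/web/guest/test-page" },
];
```

      Escaping belongs at the point of output, not at page creation: the same name is also shown in the page editor, breadcrumbs and other contexts, and each of them must encode for its own context.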

      Reproduced on:
      Tomcat 9.0.6 + MySQL 5.7
      Portal master GIT ID: 13c6a6b4f26effb5d42e82db120c60a8698ae071

      People

      Assignee: Kyle Miho
      Reporter: Kyle Miho
      Recent user: Jason Pince


      Affected versions:
      7.1.0 Beta 1
      7.1.X
      Master