Details

    • Affects Portal Version/s:
      6.2.x
    • Similar Issues:
      Show 3 results 

      Description

      Steps to reproduce:
      1, Create an entry
      1A: URL: http://localhost/'"><img src=x onerror=alert(/url/)>
      1B, Open Browser JS Console and enter: _84_type.selectedOptions[0].value="\'\"><img src=x onerror=alert(/type/)>"
      1C, Specify some title & content
      1D, Save
      2, Display the entry

      Expected behaviour - no pop-ups
      Actual behaviour - two pop-ups appear (url and type)

        Activity

        Hide
        Ken Duenwald added a comment -

        PASSED Manual Testing following the steps in the description.

        Reproduced on:
        Tomcat 7.0.42 + MySQL 5. Portal 6.2.0 CE GA1.
        Plugins 6.2.x CE GIT ID: 8a9b920fc1e592a0c6b325791739bb8dc290d69c.

        Fixed on:
        Tomcat 7.0.42 + MySQL 5. Portal 6.2.0 CE GA1.
        Plugins 6.2.x CE GIT ID: be8f89646934386492a1eef74582bcb969235ebd.

        Running step 1B resulted in errors in JS console; ran test without step 1B per Evan's instructions.

        Show
        Ken Duenwald added a comment - PASSED Manual Testing following the steps in the description. Reproduced on: Tomcat 7.0.42 + MySQL 5. Portal 6.2.0 CE GA1. Plugins 6.2.x CE GIT ID: 8a9b920fc1e592a0c6b325791739bb8dc290d69c. Fixed on: Tomcat 7.0.42 + MySQL 5. Portal 6.2.0 CE GA1. Plugins 6.2.x CE GIT ID: be8f89646934386492a1eef74582bcb969235ebd. Running step 1B resulted in errors in JS console; ran test without step 1B per Evan's instructions.

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Date of First Response:
              Days since last comment:
              1 year, 15 weeks ago

              Development

                Structure Helper Panel