Liferay Issues

PUBLIC - Liferay Portal Community Edition
  • LPS-29338

XSS in group membership requests


Details

  • Type: Bug
  • Status: Closed
  • Priority: Minor
  • Resolution: Fixed
  • Affects Version/s: 6.0.6 GA, 6.0.12 EE, 6.1.1 CE GA2, 6.1.20 EE GA2
  • Fix Version/s: 6.0.X EE, 6.1.X EE, 6.2.0 CE M2
  • Component/s: Personalization, Personalization > My Sites, WCM, WCM > Sites Administration
  • Labels:
    • QA-R
  • Branch Version/s:
    6.1.x, 6.0.x
  • Backported to Branch:
    Committed
  • Fix Priority:
    3
  • Similar Issues:
    • LPS-31642: XSS Vulnerability in Site membership request form
    • LPS-32808: Check membership policies every time the user is added or removed from a user group
    • LPS-2272: Community administrator not able to approve membership requests
    • LPS-5709: After requesting for membership message should be changed
    • LPS-2465: When replying to a membership request, the requester's name is displayed incorrectly

Description

REPRODUCTION STEPS: (6.0.x Community equals 6.1.x and trunk sites)
1. Create a Community and set its type to restricted.
2. Add portlet "My Communities" on a page.
3. Log in with a different user, who is not a member of the created community.
4. On the "My Communities" portlet change to tab "Available Communities".
5. Search for the created community and click on "Request Membership".
6. Type the following into comment field: <script>alert('XSS');</script>
7. Log out and log in as the owner or admin of the community.
8. Go to "My Communities" Portlet and select "View Membership Request" from the Actions menu.

The same behaviour was also reproduced with the "Reply Comments" textbox.
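The report records the fix only by commit ID, so the following is an added example (not Liferay's own code) showing the defect class and its standard mitigation: a membership request whose comment and reply fields are rendered into the administrator's view without HTML output encoding, beside a version that encodes every untrusted field at render time. The `sampleRequest` object and the field names are constructed for this example.

```javascript
// Added example (not Liferay's code): rendering a membership request with and
// without HTML output encoding. The request object below is constructed.

// Minimal encoder for text placed in an HTML element body or a
// double-quoted attribute value. Encoding belongs at render time, not at
// storage time, so the stored comment stays searchable and reusable.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the user-supplied comment and reply are interpolated straight
// into markup, so the payload from step 6 runs when the admin opens
// "View Membership Request".
function renderRequestVulnerable(req) {
  return `<div class="membership-request">` +
    `<span class="user">${req.userName}</span>` +
    `<p class="comments">${req.comments}</p>` +
    `<p class="reply">${req.replyComments}</p>` +
    `</div>`;
}

// Hardened: every untrusted field is encoded for the HTML body context.
function renderRequest(req) {
  return `<div class="membership-request">` +
    `<span class="user">${escapeHtml(req.userName)}</span>` +
    `<p class="comments">${escapeHtml(req.comments)}</p>` +
    `<p class="reply">${escapeHtml(req.replyComments)}</p>` +
    `</div>`;
}

// Regression check: true if the rendered markup still contains a raw
// <script> tag, i.e. the encoding was skipped somewhere.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample mirroring the reproduction steps in the description.
const sampleRequest = {
  userName: "requester",
  comments: "<script>alert('XSS');</script>",
  replyComments: "<script>alert('XSS');</script>",
};
```

The `containsScriptTag` check is the kind of assertion a manual or automated test of this issue would make against the rendered admin view.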

Activity

Matthew Lee added a comment - 21/Aug/12 3:43 PM

Committed on:
Portal 6.2.x GIT ID: e5e8fd29e2ec62c8e0f9999ec986067ae0f078ea.

Pani Gui added a comment - 21/Aug/12 10:07 PM

PASSED Manual Testing following the steps in the description.

Reproduced on:
Tomcat 6.0 + MySQL 5. 6.0.12 EE.
Tomcat 7.0 + MySQL 5. 6.1.20 EE GA2.

There is XSS in group membership requests.

Fixed on:
Tomcat 6.0 + MySQL 5. Portal 6.0.x GIT ID: 48a082c57b38dfc09c06f3fa03430f951fb17305.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 12d6f070f68b9b25f71783de416fcb7a9c7696f5.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 5d6109f42b95c3f75c12f6f4d80c3929b010ac12.

XSS is unable to be executed in group membership requests.


People

  • Assignee: Pani Gui
  • Reporter: Kalman Vincze
  • Participants of an Issue: Kalman Vincze, Matthew Lee, Pani Gui

Dates

  • Created: 17/Aug/12 4:46 AM
  • Updated: 03/Apr/13 5:01 PM
  • Resolved: 17/Aug/12 11:04 PM
  • Days since last comment: 39 weeks, 1 day ago
