XSS Issues in Metadata Sets.
Description
Environment
Tomcat 7.0 + MySQL 5. 6.1.x EE GIT ID: 34df7d1009e8c6582c8176152f28e07ad05d6133q.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 689dfa8d5cc1d078885e8132b78f58540fc76447.
Activity

Sharry Shi, June 1, 2012 at 12:58 AM (edited)
PASSED Manual Testing following the steps in the description.
Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.0 CE GA1.
The New Metadata Set named <script>alert("xss")</script> shows as an alert.
Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x CE GIT ID: 4ff1b724438fa61b000f24b51fb51309cad6e2a8.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 05c1af41aa32cc740b67c8cc937864abd5bb351b.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: a72fe03b6a054e2fc0f5ce30624cb5f424683e1d.
The New Metadata Set named <script>alert("xss")</script> does not show as an alert.

Michael Saechang, May 30, 2012 at 10:38 AM (edited)
Committed on:
Portal 6.1.x CE GIT ID: 4e0fd98f1a23a51dffccae8e82ffaef36d28233f.
Portal 6.2.x GIT ID: 7233e1d085208f1da79f9ddea5e0f8dd381cf7b8.
Fixed
Details
Assignee: Sharry Shi (Deactivated)
Reporter: Mark Jin (Deactivated)
Branch Version/s: 6.1.x
Backported to Branch: Committed
Fix Priority: 4
Priority: Medium
Created April 5, 2012 at 8:27 PM
Updated June 24, 2023 at 3:48 PM
Resolved October 4, 2012 at 2:37 PM
1. Add Documents and Media portlet.
2. Click Manage Drop menu.
3. Click Metadata Sets.
4. Fill <script>alert("xss")</script> in the name.
5. Click Save.