XSS vulnerability in upload_progress_poller
Description
Environment
Tomcat 6.0 + MySQL 5. Portal 6.0.x GIT ID: d2adf8c190bbe292476aaaa921f04eb17d21bafb.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 652d89f693d1542282073b84612b83c739c63692.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: e8fe4e7b06ddf499c700aaebc5902363233c2b26.
Activity

Samuel Kong, July 3, 2012 at 1:17 AM
Committed on:
Portal 6.1.x CE GIT ID: bc71cd89572ad346d5b5c2a0042b1ef721bd1ee8.

EdG, June 25, 2012 at 3:44 PM
Slated for inclusion in 6.1.1 CE GA2

Mark Jin, May 29, 2012 at 7:05 PM
PASSED Manual Testing following the steps in the description.
Fixed on:
Tomcat 6.0 + MySQL 5. Portal 6.0.x EE GIT ID: ec5c47db8fc85986edffc6349d1334477b6d6fbd.

Mark Jin, May 16, 2012 at 6:25 PM
PASSED Manual Testing following the steps in the description.
Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.10 EE GA1.
Able to see the pop up page.
Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: a7fae664079fadbf1383e1090a858f5b908c4458.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: ec3c3593540c45dc3d2e701eeff1eb2c2912dc58.
Unable to see the pop up page.

Iliyan Peychev, May 15, 2012 at 1:04 PM
Sent PR to Nate for review:
https://github.com/natecavanaugh/liferay-portal/pull/640
Fixed
Details
Assignee: Mark Jin (Deactivated)
Reporter: Jelmer Jelmer
Branch Version/s: 6.1.x, 6.0.x
Backported to Branch: Committed
Fix Priority: 3
Priority: Medium
Created May 12, 2012 at 4:23 AM
Updated June 24, 2023 at 3:48 PM
Resolved July 3, 2012 at 1:17 AM
Login with the URL:
http://localhost:8080/html/portal/upload_progress_poller.jsp?uploadProgressId=a%3D1%3Balert(document.cookie)%3B%2F%2F
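
The `uploadProgressId` value in the URL above decodes to a string with no `<`, `>`, `&` or quote characters, so HTML entity escaping leaves it untouched. The added example below (not Liferay's code or its fix) shows that, plus two defences that apply if the parameter is written into inline JavaScript, which is an assumption drawn from the payload's shape; the helper names and the id format are hypothetical.

```javascript
// Added illustration (not Liferay code). Helper names are hypothetical.
// Assumption: the JSP writes uploadProgressId into an inline <script> block.

// Reproduction URL quoted in this issue.
const REPORTED_URL =
  "http://localhost:8080/html/portal/upload_progress_poller.jsp" +
  "?uploadProgressId=a%3D1%3Balert(document.cookie)%3B%2F%2F";

// Percent-decode the parameter, as the servlet container does before the JSP sees it.
function getUploadProgressId(url) {
  return new URL(url).searchParams.get("uploadProgressId");
}

// HTML entity escaping: correct for HTML text and attributes, wrong for script context.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Defence 1: allow-list. Assumes progress ids are short alphanumeric tokens.
const ID_PATTERN = /^[A-Za-z0-9_]{1,64}$/;
function isValidProgressId(id) {
  return typeof id === "string" && ID_PATTERN.test(id);
}

// Defence 2: JavaScript-string escaping. Every UTF-16 code unit outside
// [A-Za-z0-9_] becomes \uXXXX, so the value cannot close the literal,
// end the statement, or close the surrounding <script> element.
function escapeJs(s) {
  return s.replace(/[^A-Za-z0-9_]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Emit the script line only for a valid id; null means "reject the request".
function renderPollerScript(id) {
  if (!isValidProgressId(id)) return null;
  return 'var uploadProgressId = "' + escapeJs(id) + '";';
}

const reported = getUploadProgressId(REPORTED_URL);
console.log("decoded parameter :", reported);
console.log("HTML-escaped      :", escapeHtml(reported)); // unchanged
console.log("allow-list accepts:", isValidProgressId(reported));
console.log("rendered          :", renderPollerScript(reported));
console.log("benign id rendered:", renderPollerScript("upload_1234"));
```

The encoder has to match the output context: a value placed in script needs JavaScript escaping or strict validation, not HTML escaping.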