XSS in web content summary + asset publisher
Description
Activity

Hong Zhao April 9, 2015 at 12:40 AM
No longer support 6.0.x EE, close as fixed.

Serena Song August 6, 2012 at 12:44 AM
PASSED Manual Testing following the steps in the description.
Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.20 EE GIT ID: b63a515afd2116f7d0e5f9ef2e71b34e5538f1cf.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 32d80b3096d5dddd356cf616f8ff0972bceb88ad.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: a1504ad0359b4095cb7dc02c0857500937487390.
No javascript alert.

Michael Saechang July 31, 2012 at 7:17 PM
Removed fix versions until new commit goes in.

Mark Jin July 26, 2012 at 6:52 PM (Edited)
FAILED Manual Testing following the steps in the description.
Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.10 EE GA1.
Able to see the javascript alert.
Failed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.20 EE GIT ID: 0a9020b920d055a2c9d4f1f3eb6ee31cee22f895.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 1a8a706674247fc72355c506fabbe5bc0b2a9bff.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 4fbe1e8940bd1e26faeca3bf1541a7f777b061f4.
Same result with affects version.

Michael Saechang July 25, 2012 at 4:31 PM
Committed on:
Portal 6.1.x CE GIT ID: 0c846ffd9d7d441ad6e62a586555fe6c2aaf1bf8.
Portal 6.2.x GIT ID: ab224edf2ed74c71dfe24a1d8eeb9f9fa03b597c.
Details
Assignee: Hong Zhao (Deactivated)
Reporter: Tomas
Branch Version/s: 6.1.x, 6.0.x
Backported to Branch: Committed
Fix Priority: 4
Story Points: 1
Priority: Medium

How to reproduce
Create web content and, in Abstract -> Summary (Description for 6.0.x), fill in: "'><script>alert('xss')</script>, then publish the Web Content.
Add an Asset Publisher to a page; a JavaScript alert should appear.
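
The following is an added example, not part of the original ticket and not Liferay source code. It shows why the summary value from the steps above must be HTML-escaped at output time, in both attribute and element contexts. The class, the method names and the `asset-summary` markup are hypothetical, and the ticket does not say which context the summary is rendered in.

```java
// Added example, not Liferay source. Class, method and markup names are hypothetical.
public class SummaryEscapeDemo {

    // Escape the five characters that matter in HTML element and quoted-attribute contexts.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Assumed abstract markup: the summary lands in an attribute and in element text.
    static String renderAbstract(String summary, boolean escape) {
        String v = escape ? escapeHtml(summary) : summary;
        return "<div class=\"asset-summary\" title=\"" + v + "\">" + v + "</div>";
    }

    // Regression check: stored markup must not survive as a live tag or close the attribute early.
    static boolean isInert(String html, String summary) {
        boolean rawTag = html.toLowerCase().contains("<script");
        boolean attrBroken = !html.contains("title=\"" + escapeHtml(summary) + "\"");
        return !rawTag && !attrBroken;
    }

    public static void main(String[] args) {
        // Summary value taken from the reproduction steps on this page.
        String summary = "\"'><script>alert('xss')</script>";
        String before = renderAbstract(summary, false);
        String after = renderAbstract(summary, true);
        System.out.println("unescaped: " + before);
        System.out.println("inert?     " + isInert(before, summary));
        System.out.println("escaped:   " + after);
        System.out.println("inert?     " + isInert(after, summary));
    }
}
```

The leading `"'>` in the summary is what closes a quoted attribute, so an escaper that handles only `<` and `>` is not enough when the value is also written into an attribute.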