Fixed
Assignee: Justin Choi (Deactivated)
Reporter: Sophia.Zhang (Deactivated)
Branch Version/s: 6.1.x
Backported to Branch: Committed
Fix Priority: 3
Priority: Medium
Created June 17, 2012 at 11:05 PM
Updated June 24, 2023 at 3:49 PM
Resolved August 6, 2012 at 11:39 PM
Steps to reproduce:
Case 1:
1. Add New Document Type.
2. Drag Main Metadata Fields, Text and Text Box, Save.
3. Add a new document using this New Document Type.
4. Fill out <script>alert("xss")</script> for the Text and Text Box fields. Save.
5. Try to click on the document.
An XSS alert will display.
In this case, Text and Text Box have an XSS problem when creating a New Document Type and adding a New Data Definition in the Dynamic Data List portlet.
Case 2:
1. Add New Document Type with name "<script>alert("xss")</script>".
2. Add document with this type.
Note: Filling out only the description with "<script>alert("xss")</script>" does not trigger an XSS alert.
An XSS alert will display when trying to click on this document.
Case 3:
1. Add New Document Type with name "<script>alert("xss")</script>"
2. Add an Asset Publish portlet.
An XSS alert will occur.
Case 4:
1. Add an Asset Publish portlet first.
2. Add New Document Type with name "<script>alert("xss")</script>"
3. Try to upload a document with this document type.
An XSS alert will occur.
Console error:
05:57:24,407 ERROR [MinifierUtil:109] 1: 10: Unexpected end of file
05:57:24,408 ERROR [MinifierUtil:109] 1: 0: Compilation produced 1 syntax errors.
05:57:24,409 ERROR [MinifierUtil:75] JavaScript Minifier failed for
alert-xss-
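
The cases above come down to some fields being written into the page without HTML escaping while others (the description, per the note in Case 2) are escaped. The following is an added example, not Liferay's code and not part of the original ticket: a self-contained model that renders a document view both ways and counts where the ticket's payload survives as live markup. The class, the `render` view, the `escapeHtml` helper and the field key `documentTypeName` are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class DocumentViewEscapingCheck {

    // Payload taken from the ticket's reproduction steps.
    static final String PAYLOAD = "<script>alert(\"xss\")</script>";

    // Minimal HTML-text escaper (assumption: stands in for the portal's own escaping utility).
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hypothetical view. escapeAll=false models the reported behaviour, where only the
    // description is escaped; escapeAll=true models a view that escapes every field.
    static String render(Map<String, String> fields, boolean escapeAll) {
        StringBuilder html = new StringBuilder("<dl>");
        for (Map.Entry<String, String> e : fields.entrySet()) {
            boolean escape = escapeAll || e.getKey().equals("description");
            String value = escape ? escapeHtml(e.getValue()) : e.getValue();
            html.append("<dt>").append(e.getKey()).append("</dt><dd>").append(value).append("</dd>");
        }
        return html.append("</dl>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the fields named in Cases 1 and 2, all set to the payload.
        Map<String, String> doc = new LinkedHashMap<>();
        for (String f : new String[] {"documentTypeName", "Text", "Text Box", "description"}) {
            doc.put(f, PAYLOAD);
        }
        for (boolean escapeAll : new boolean[] {false, true}) {
            String html = render(doc, escapeAll);
            // Number of places where the payload reaches the page unescaped.
            int raw = html.split(Pattern.quote(PAYLOAD), -1).length - 1;
            System.out.println("escapeAll=" + escapeAll + " raw payload occurrences=" + raw);
        }
    }
}
```

The same per-field count can serve as a regression check on real rendered output after a fix: any value above zero identifies a view that still emits a user-controlled field unescaped.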