Liferay 5.x / 6.x Cross Site Scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1047475 漏洞类型
发布时间 2012-05-16 更新时间 2012-05-16
漏洞平台 N/A CVSS评分 N/A
Multiple xss issues in Liferay


Liferay Portal is an enterprise portal written in Java

Multiple xss vulnerabilities where found in liferay. Because liferay
has a "remember me"
option in their login screen that stores an encrypted password in a
cookie this is more
problematic than it otherwise would be

1. xss vulnerability in upload_progress_poller.jsp


2. xss vulnerability in ckeditor.jsp


3. xss vulnerability in the currency converter portlet

To reproduce :

Drag the currency converter on the home page then go to :


4. xss vulnerability in the blog portlet

To reproduce :

1. Drag the blog on the home page,
2. create a blog and add this blog to a category.
3. Go to the list of blog posts, click on the link to category that
you assigned to the blog to,
4. append &tag=<script
type="text/javascript">alert(document.cookie)</script> to the url that
was created when you clicked on the link in step 3

Systems affected (by at least one of the vulnerabilities):

Liferay 6.1 ce
Liferay 6.1 ee
Liferay 6.0.x
Liferay 5.2.x

Vendor status :

Liferay  was notified april 12 2012 by filing a bugs in their public
bugtracker under issue numbers
LPS-27280, LPS-27281, LPS-27282, LPS-27283 The issues have not yet been resolved