Liferay 5.x / 6.x Cross Site Scripting

Reporter Jelmer Kuperus
Modified 2012-05-15T00:00:00


Multiple XSS issues in Liferay

Liferay Portal is an enterprise portal written in Java.

Multiple XSS vulnerabilities were found in Liferay. Because Liferay has a "remember me" option in its login screen that stores an encrypted password in a cookie, this is more problematic than it otherwise would be.

1. XSS vulnerability in upload_progress_poller.jsp
2. XSS vulnerability in ckeditor.jsp
3. XSS vulnerability in the currency converter portlet
   To reproduce:
   Drag the currency converter on the home page then go to :
4. XSS vulnerability in the blog portlet
   To reproduce:
   1. Drag the blog on the home page.
   2. Create a blog and add this blog to a category.
   3. Go to the list of blog posts and click on the link to the category that you assigned the blog to.
   4. Append &tag=<script type="text/javascript">alert(document.cookie)</script> to the URL that was created when you clicked on the link in step 3.

Systems affected (by at least one of the vulnerabilities):
Liferay 6.1 CE
Liferay 6.1 EE
Liferay 6.0.x
Liferay 5.2.x

Vendor status:
Liferay was notified on April 12, 2012 by filing bugs in their public bug tracker under issue numbers LPS-27280, LPS-27281, LPS-27282, LPS-27283. The issues have not yet been resolved.
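
A defender-side check for the issues listed above, as an added example that is not part of the original advisory: it scans access-log lines for requests to the two named JSPs, or carrying the tag parameter, whose values decode to HTML markup. The combined log format, the /example/ paths, the id parameter name and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The two JSP names and the `tag` parameter come from the advisory; the log
# layout, the /example/ paths and the `id` parameter are constructed.
AFFECTED_PATHS = ("upload_progress_poller.jsp", "ckeditor.jsp")
TAG_OPEN = re.compile(r"<\s*/?\s*[a-z!]", re.I)  # start of an HTML tag
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = """\
198.51.100.7 - - [15/May/2012:10:00:01 +0000] "GET /example/blog?tag=%3Cscript%20type%3D%22text%2Fjavascript%22%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5120
198.51.100.7 - - [15/May/2012:10:00:05 +0000] "GET /example/blog?tag=liferay HTTP/1.1" 200 4810
198.51.100.9 - - [15/May/2012:10:00:09 +0000] "GET /example/upload_progress_poller.jsp?id=%253Cscript%253Ealert(document.cookie)%253C%252Fscript%253E HTTP/1.1" 200 312
"""

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253Cscript is seen as <script."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return (name, decoded value) pairs that carry an HTML tag."""
    parts = urlsplit(url)
    on_affected_path = parts.path.endswith(AFFECTED_PATHS)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already decoded once
        if TAG_OPEN.search(decoded) and (on_affected_path or name == "tag"):
            hits.append((name, decoded))
    return hits

def scan(log_text):
    """Return (client, url, hits) for every log line with a suspicious request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if match and (hits := suspicious_params(match.group(1))):
            findings.append((line.split()[0], match.group(1), hits))
    return findings

if __name__ == "__main__":
    for client, url, hits in scan(SAMPLE_LOG):
        print(client, url.split("?")[0], hits)
```

A match only shows that markup was sent to one of these endpoints; whether it was reflected unescaped depends on the Liferay version serving the request.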