Cross Site Scripting (Reflected) and SQL Injection in liferay dxp

Message Boards

Rayappa Hattarwat, modified 4 Years ago.

Cross Site Scripting (Reflected) and SQL Injection in liferay dxp

Junior Member Posts: 89 Join Date: 8/11/15 Recent Posts

Hi ,
How will doing Cross Site Scripting (Reflected) and SQL Injection in liferay dxp.can you tell me.

Regards,
Rayappa

Olaf Kock, modified 4 Years ago.

RE: Cross Site Scripting (Reflected) and SQL Injection in liferay dxp

Liferay Legend Posts: 6403 Join Date: 9/23/08 Recent Posts

Rayappa Hattarwat:

How will doing Cross Site Scripting (Reflected) and SQL Injection in liferay dxp.can you tell me.

Are you asking how to do it? Or what to do if you found such an issue?
On "how": The answer is that you don't - unless you know of a bug or misconfiguration. E.g. it's possible to allow arbitrary HTML content for trusted users - which can cause XSS. But that would be a matter of gaining the required permissions. SQL injection is not possible.
If you find a related issue, check https://liferay.com/security. And, as you mention DXP: Open a ticket.

Rayappa Hattarwat, modified 4 Years ago.

RE: Cross Site Scripting (Reflected) and SQL Injection in liferay dxp

Junior Member Posts: 89 Join Date: 8/11/15 Recent Posts

Hi Olaf Kock,

Thanks for response.