Cross-site scripting vulnerability in Core ext. felogin
PHP version on test system is 5.2
Thanks to Matthias Humbert too.
This will be handled by TYPO3 Security Team from now on.
Logout is also vulnerable to the issue. I attach a different patch that solves the problem for both login and logout.
Issue confirmed for 4.2.0, 4.2.1, 4.2.2
mentioned additional logout vulnerability confirmed for 4.2.2
added patch that could be successfully applied to current rb42 revision (as 2nd hunk of Dmitry's patch will fail due to outdated working copy)
modifications are the same as in Dmitry's one
credits go to Dmitry! ;-)
thanks from me too!
I integrated that in #9681, did a version for 4.2 and will declare this as cleaning up to CGL (which I did, missing spaces) and a forgotten HSC that can destroy HTML output.
fixed through patch for issue #9681
- Project changed from Core Security to TYPO3 Core
- Description updated (diff)
- Category deleted (
- Target version deleted (
- Is Regression set to No