Bug #19523
Cross-site scripting vulnerability in Core ext. felogin
Status: closed
Start date: 2008-10-29
% Done: 0%
TYPO3 Version: 4.2
PHP Version: 4.3
Is Regression: No
Description
The redirect_url parameter in the felogin extension is not filtered by htmlspecialchars.
I have tested this on a freshly installed TYPO3 4.2.2 without any third-party extensions.
Simply create a login form and call the login page, e.g. with this URL:
"login" is the alias of the login page
Note: In some cases the server configuration can prevent this issue.
(issue imported from #M9673)
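The missing encoding described in this report, shown as an added example that is not part of the original report and is not felogin's own code: a request value written into an HTML attribute with and without htmlspecialchars, then parsed to see what the markup actually contains. The function names, the hidden-field markup and the sample value are assumptions constructed for illustration; the check relies on PHP's DOM extension.

```php
<?php
// Added illustration only. Everything except the parameter name
// redirect_url and the htmlspecialchars() call is hypothetical.

// Before: the request value is copied into the attribute unchanged.
function renderRedirectFieldUnescaped($redirectUrl)
{
    return '<input type="hidden" name="redirect_url" value="' . $redirectUrl . '" />';
}

// After: the value is encoded for an HTML attribute context.
// ENT_QUOTES also encodes single quotes, so the result is safe in
// both double-quoted and single-quoted attributes.
function renderRedirectFieldEscaped($redirectUrl)
{
    $safe = htmlspecialchars($redirectUrl, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="redirect_url" value="' . $safe . '" />';
}

// Parse the generated markup and report what a parser sees: the value
// that ended up in the attribute, and whether any element other than
// the intended <input> was created inside the form.
function inspectField($fieldHtml)
{
    $doc = new DOMDocument();
    // @ silences libxml warnings about the deliberately malformed input.
    @$doc->loadHTML('<html><body><form>' . $fieldHtml . '</form></body></html>');
    $input = $doc->getElementsByTagName('input')->item(0);
    return array(
        'attribute_value'   => $input->getAttribute('value'),
        'injected_elements' => $doc->getElementsByTagName('b')->length,
    );
}

// Constructed sample value: a quote and angle brackets that would close
// the attribute and start new, harmless markup if left unencoded.
$sample = 'index.php?id=12"><b>injected</b>';

$variants = array(
    'unescaped' => renderRedirectFieldUnescaped($sample),
    'escaped'   => renderRedirectFieldEscaped($sample),
);
foreach ($variants as $label => $html) {
    $result = inspectField($html);
    printf("%-9s value=%s injected_elements=%d\n",
        $label, var_export($result['attribute_value'], true), $result['injected_elements']);
}
```

In the escaped variant the attribute value round-trips to the original string and no extra element appears, which is the property to check for wherever redirect_url is written back into a page.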