Bug #19822

closed

XSS vulnerability in sysext indexed_search

Added by Marcus Krause almost 16 years ago. Updated about 6 years ago.

Status: Closed
Priority: Must have
Category: Indexed Search
Target version: -
Start date: 2009-01-14
% Done: 0%

Description

references TYPO3 Security Team OTRS issue #2009010610000014

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk)

Problem:
In the indexed_search backend module the title and filename are not escaped. Exploitable e.g. by multiple files.

Solution:
Wrap them with hsc.

Provided by TYPO3 Security Team
(issue imported from #M10134)


Files

10134_4-0.diff (1.35 KB), Administrator Admin, 2009-01-14 23:54
10134.diff (1.36 KB), Administrator Admin, 2009-01-18 18:03

Actions #1

Updated by Marcus Krause almost 16 years ago

Patch will be added by Jan 15, 2009.

Actions #2

Updated by Marcus Krause almost 16 years ago

patch added for 4-0 branch

Actions #3

Updated by Marcus Krause almost 16 years ago

patch added for 4-1 up to trunk

all patches are now available
-> ready to be committed

Actions #4

Updated by Ingo Renner almost 16 years ago

fixed in 4.0.10, 4.1.8, 4.2.4, and trunk

Actions #5

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed