Bug #19822: XSS vulnerability in sysext indexed_search - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #19822

closed

XSS vulnerability in sysext indexed_search

Added by Marcus Krause almost 16 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Marcus Krause

Category:

Indexed Search

Target version:

Start date:

2009-01-14

Due date:

% Done:

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

references TYPO3 Security Team OTRS issue #2009010610000014

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk)

Problem:
In the indexed_search backend module the title and filename are not escaped. Exploitable e.g. by multiple files.

Solution:
Wrap them by hsc.

Provided by TYPO3 Security Team
(issue imported from #M10134)

Files

Download all files

10134_4-0.diff (1.35 KB) 10134_4-0.diff		Administrator Admin, 2009-01-14 23:54
10134.diff (1.36 KB) 10134.diff		Administrator Admin, 2009-01-18 18:03

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #19822

XSS vulnerability in sysext indexed_search

Updated by Marcus Krause almost 16 years ago

Updated by Marcus Krause almost 16 years ago

Updated by Marcus Krause almost 16 years ago

Updated by Ingo Renner almost 16 years ago

Updated by Benni Mack about 6 years ago