Project

General

Profile

Actions
Copy link

Bug #19827

closed

XSS vulnerability in sysext adodb

Added by Marcus Krause almost 16 years ago. Updated about 15 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Database API (Doctrine DBAL)
Target version:
-
Start date:
2009-01-14
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

references TYPO3 Security Team OTRS issue #2009010510000016

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk) whereas 4.1 up to trunk are already fixed

Problem:
A cross-site scriptting vulnerability is exploitable even by non-logged in users. See:
http://host/typo3/sysext/adodb/adodb/tests/test.php?testproxy=1&nolog=1&ADODB_vers=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Solution:
Repeat changeset 4713 ( http://forge.typo3.org/repositories/revision/27/4713 ) also for branch 4-0.
svn rm typo3/sysext/adodb/cute_icons_for_site
svn rm typo3/sysext/adodb/docs
svn rm typo3/sysext/adodb/perf
svn rm typo3/sysext/adodb/session
svn rm typo3/sysext/adodb/tests

Provided by TYPO3 Security Team
(issue imported from #M10142)

Actions
Copy link
 #1

Updated by Marcus Krause almost 16 years ago

ready to be committed

Actions
Copy link
 #2

Updated by Ingo Renner almost 16 years ago

has been fixed in 4.0, 4.1, 4.2, and trunk

Actions
Copy link

Also available in: Atom PDF