Bug #19827
XSS vulnerability in sysext adodb
Status: Closed
Priority: Must have
Assignee: -
Category: Database API (Doctrine DBAL)
Target version: -
Start date: 2009-01-14
Due date:
% Done: 0%
Description
references TYPO3 Security Team OTRS issue #2009010510000016
Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk), whereas 4.1 up to trunk are already fixed
Problem:
A cross-site scripting vulnerability is exploitable even by users who are not logged in. See:
http://host/typo3/sysext/adodb/adodb/tests/test.php?testproxy=1&nolog=1&ADODB_vers=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Solution:
Repeat changeset 4713 ( http://forge.typo3.org/repositories/revision/27/4713 ) also for branch 4-0.
svn rm typo3/sysext/adodb/cute_icons_for_site
svn rm typo3/sysext/adodb/docs
svn rm typo3/sysext/adodb/perf
svn rm typo3/sysext/adodb/session
svn rm typo3/sysext/adodb/tests
Provided by TYPO3 Security Team
(issue imported from #M10142)
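A deployment check for the fix above, as an added example that is not part of the original report or of TYPO3: it lists any of the removed ADOdb directories still present under a web root. The function and variable names are hypothetical, and also looking under typo3/sysext/adodb/adodb (the path in the reported URL) is an assumption.

```shell
#!/bin/sh
# Added example: audit a TYPO3 tree for the ADOdb directories the fix removes.
# Directory names come from the "svn rm" lines in the report.
ADODB_DEV_DIRS="cute_icons_for_site docs perf session tests"

# Base paths, relative to the web root. The first is the path used in the
# svn rm lines; the second is taken from the reported URL
# (.../adodb/adodb/tests/test.php). Checking both is an assumption.
ADODB_BASES="typo3/sysext/adodb typo3/sysext/adodb/adodb"

# Print every leftover directory below web root $1, one per line.
# Returns 0 when the tree is clean, 1 when something was found,
# 2 when $1 is not a directory.
find_adodb_leftovers() {
    root=${1:-.}
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    found=0
    for base in $ADODB_BASES; do
        for name in $ADODB_DEV_DIRS; do
            if [ -d "$root/$base/$name" ]; then
                echo "$base/$name"
                found=1
            fi
        done
    done
    return "$found"
}

# Run the audit when a web root is given on the command line.
if [ "$#" -gt 0 ]; then
    find_adodb_leftovers "$1"
fi
```

The non-zero exit status on a finding lets the check fail a release or packaging job before the test scripts reach a public web root.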