Project

General

Profile

Actions
Copy link

Bug #19838

closed

XSS vulnerability in workspace module

Added by Marcus Krause almost 16 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Marcus Krause
Category:
Workspaces
Target version:
-
Start date:
2009-01-16
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.0
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

references TYPO3 Security Team OTRS issue #2008111310000065

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk)

Problem:
In typo3/mod/user/ws/wsol_preview.php parameter msg is echoed without sanitizing it beforhand.

Solution:
Wrap msg by hsc.

Provided by TYPO3 Security Team
(issue imported from #M10159)

Files

10159.diff (512 Bytes) 10159.diff Administrator Admin, 2009-01-16 03:39
Actions
Copy link
 #1

Updated by Marcus Krause almost 16 years ago

patch added

ready to be committed

Actions
Copy link
 #2

Updated by Ingmar Schlecht almost 16 years ago

Committed to 4.0, 4.1, 4.2 and trunk.

Actions
Copy link
 #3

Updated by Michael Stucki almost 11 years ago

  • Category set to Workspaces
Actions
Copy link
 #4

Updated by Michael Stucki almost 11 years ago

  • Project changed from 624 to TYPO3 Core
  • Category changed from Workspaces to Workspaces
  • Target version deleted (0)
Actions
Copy link
 #5

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF