Bug #19838: XSS vulnerability in workspace module - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #19838

closed

XSS vulnerability in workspace module

Added by Marcus Krause almost 16 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Marcus Krause

Category:

Workspaces

Target version:

Start date:

2009-01-16

Due date:

% Done:

Estimated time:

TYPO3 Version:

4.0

PHP Version:

5.2

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

references TYPO3 Security Team OTRS issue #2008111310000065

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk)

Problem:
In typo3/mod/user/ws/wsol_preview.php parameter msg is echoed without sanitizing it beforhand.

Solution:
Wrap msg by hsc.

Provided by TYPO3 Security Team
(issue imported from #M10159)

Files

10159.diff (512 Bytes) 10159.diff

Administrator Admin, 2009-01-16 03:39

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #19838

XSS vulnerability in workspace module

Updated by Marcus Krause almost 16 years ago

Updated by Ingmar Schlecht almost 16 years ago

Updated by Michael Stucki almost 11 years ago

Updated by Michael Stucki almost 11 years ago

Updated by Benni Mack about 6 years ago