Bug #21328

XSS vulnerability due to improper sanitizing in function t3lib_div::quoteJSvalue

Added by Ernesto Baschny almost 10 years ago. Updated about 9 years ago.

Status: Closed
Priority: Should have
Category: -
Target version: -
Start date: 2009-10-22
Due date:
% Done: 0%
TYPO3 Version: 4.2
PHP Version: 5.2
Description

Reported by Andreas Schnapp.

Added missing escaping of the first parameter. Better description (and name) of the usage of parameter #2.

Security Team OTRS reference: 2009060910000027
(issue imported from #M12303)

History

#1 Updated by Ernesto Baschny almost 10 years ago

Committed to:
trunk (rev.6232 = beta2)
TYPO3_4-2 (rev.6233 = 4.2.10)
TYPO3_4-1 (rev.6234 = 4.1.11)