Bug #21330

closed

tfID GET variable used in view_help.php is not sanitized and therefore susceptible to XSS

Added by Ernesto Baschny over 14 years ago. Updated over 13 years ago.

Status: Closed
Priority: Should have
Category: -
Target version: -
Start date: 2009-10-22
% Done: 0%
TYPO3 Version: 4.3
PHP Version: 5.2

Description

Sanitize tfID before using it.

Reporter: Jelmer de Hen

Security Team OTRS reference: 2009060310000056
(issue imported from #M12305)

#1

Updated by Ernesto Baschny over 14 years ago

Committed to:
trunk (rev.6238 = beta2)
TYPO3_4-2 (rev.6239 = 4.2.10)
TYPO3_4-1 (rev.6240 = 4.1.11)
