Bug #21333: Sysext:lowlevel (function "DB>Full search") susceptible to XSS - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #21333

closed

Sysext:lowlevel (function "DB>Full search") susceptible to XSS

Added by Ernesto Baschny about 15 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Ernesto Baschny

Category:

Target version:

Start date:

2009-10-22

Due date:

% Done:

Estimated time:

TYPO3 Version:

4.2

PHP Version:

4.3

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Sysext:lowlevel provides, amongst others, a function called "Full Search" that allows to query the database directly. Both sub-functions "raw search in all fields" and "advanced query" are susceptible to XSS as both modules fail to sanitize results.

Reported by Markus Krause

Security Team OTRS reference: 2009091210000033
(issue imported from #M12308)

History
Notes

Actions

Copy link

Updated by Ernesto Baschny about 15 years ago

Commited to:
TYPO3_4-2 (rev.6247 = 4.2.10)
TYPO3_4-1 (rev.6248 = 4.1.11)

Note that trunk (4.3) is not affected.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #21333

Sysext:lowlevel (function "DB>Full search") susceptible to XSS

Updated by Ernesto Baschny about 15 years ago