Bug #21333

closed

Sysext:lowlevel (function "DB>Full search") susceptible to XSS

Added by Ernesto Baschny over 14 years ago. Updated almost 14 years ago.

Status: Closed
Priority: Should have
Category: -
Target version: -
Start date: 2009-10-22
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.2
PHP Version: 4.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Sysext:lowlevel provides, amongst others, a function called "Full Search" that allows querying the database directly. Both sub-functions, "raw search in all fields" and "advanced query", are susceptible to XSS, as both modules fail to sanitize results.

Reported by Markus Krause

Security Team OTRS reference: 2009091210000033
(issue imported from #M12308)
