Bug #23550: Sysext setup's user simulation is susceptible to XSS - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #23550

closed

Sysext setup's user simulation is susceptible to XSS

Added by Marcus Krause about 14 years ago. Updated about 14 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Benni Mack

Category:

Target version:

Start date:

2010-09-17

Due date:

% Done:

Estimated time:

TYPO3 Version:

4.2

PHP Version:

5.2

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

The user simulation part of system extension (BE module) setup is vulnerable to Cross-Site-Scripting attacks. GET/POST parameter "simUser", which is supposed to be an integer value, is outputted as is.

OTRS-X-Reference: #2010083010000016
reported by: Daniel Sloof
(issue imported from #M15729)

Files

Download all files

15729_trunk.diff (654 Bytes) 15729_trunk.diff		Administrator Admin, 2010-09-17 11:14
15729_4-4.diff (654 Bytes) 15729_4-4.diff		Administrator Admin, 2010-09-17 11:15
15729_4-3.diff (654 Bytes) 15729_4-3.diff		Administrator Admin, 2010-09-17 11:19
15729_4-2.diff (612 Bytes) 15729_4-2.diff		Administrator Admin, 2010-09-17 11:22
15729_trunk_v1.diff (600 Bytes) 15729_trunk_v1.diff		Administrator Admin, 2010-09-24 21:42
15729_4-4_v1.diff (600 Bytes) 15729_4-4_v1.diff		Administrator Admin, 2010-09-24 21:45
15729_4-3_v1.diff (600 Bytes) 15729_4-3_v1.diff		Administrator Admin, 2010-09-24 21:49
15729_4-2_v1.diff (558 Bytes) 15729_4-2_v1.diff		Administrator Admin, 2010-09-24 21:52