Bug #23668

closed

XSS in template analyzer

Added by Georg Ringer over 13 years ago. Updated over 13 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2010-10-04
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Because of a missing htmlspecialchars() there is the possibility of an XSS.

OTRS: 2010100110000031
Reporter: Susanne Moog
(issue imported from #M15887)


Files

15887-template_analyzer-trunk.patch (831 Bytes), Administrator Admin, 2010-10-04 10:33
15887-template_analyzer-4_4.patch (849 Bytes), Administrator Admin, 2010-10-04 10:44
15887-template_analyzer-4_1.patch (1.05 KB), Administrator Admin, 2010-10-04 10:45

#1

Updated by Helmut Hummel over 13 years ago

PoC: Name a template "<script>alert(123)</script>" and switch to the Template analyzer
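
The bug class reported in this issue, as an added example that is not TYPO3 source code and not taken from the attached patches: a record title rendered into a backend list without and with htmlspecialchars(). The function names, the markup and the sample rows are hypothetical; the second title is the string from the PoC comment.

```php
<?php
// Added example with hypothetical names; not code from TYPO3 or its patches.

// Constructed sample rows standing in for template records.
$templates = array(
    array('uid' => 1, 'title' => 'Main template'),
    array('uid' => 2, 'title' => '<script>alert(123)</script>'), // PoC title from this issue
    array('uid' => 3, 'title' => 'Tom & "Jerry" setup'),           // legitimate special characters
);

// Before: the stored title is concatenated into the markup as-is,
// so any tags it contains become part of the page.
function renderRowUnsafe(array $row) {
    return '<li><a href="?template=' . (int)$row['uid'] . '">'
        . $row['title'] . '</a></li>';
}

// After: the title is encoded for the HTML context at output time.
// ENT_QUOTES also encodes single quotes, which matters because the same
// value is placed inside an attribute; the charset is stated explicitly
// because the defaults differ between PHP versions.
function renderRowSafe(array $row) {
    $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
    return '<li><a href="?template=' . (int)$row['uid'] . '" title="' . $title . '">'
        . $title . '</a></li>';
}

foreach ($templates as $row) {
    echo 'unsafe: ', renderRowUnsafe($row), "\n";
    echo 'safe:   ', renderRowSafe($row), "\n";
}

// Self-check: the safe rows carry no raw script tag, and escaping is
// lossless (decoding the encoded title gives back the stored value).
foreach ($templates as $row) {
    $html = renderRowSafe($row);
    $encoded = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
    if (stripos($html, '<script') !== false) {
        throw new Exception('raw script tag in output for uid ' . $row['uid']);
    }
    if (htmlspecialchars_decode($encoded, ENT_QUOTES) !== $row['title']) {
        throw new Exception('escaping changed the title for uid ' . $row['uid']);
    }
}
echo "all rows escaped correctly\n";
```

Escaping at output time leaves the stored title untouched, so the record still displays as the editor typed it while the browser treats it as text.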
