Bug #48692
Properly escape data in PermissionAjaxController
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2013-05-31
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
- /typo3/ajax.php in parameter Page and who (not easily exploitable as
the referer is checked, but still vulnerable and potentially exploitable
via redirect, a vector could be "75"><script>alert(1)</script>")
Updated by Franz G. Jahn almost 11 years ago
- Category set to OW-A07: Cross Site Scripting
Updated by Marcus Krause over 10 years ago
- Status changed from New to Accepted
- Assignee set to Marcus Krause
- TYPO3 Version changed from 6.2 to 4.5
to be tested
Updated by Marcus Krause over 10 years ago
- Status changed from Accepted to New
- Assignee deleted (Marcus Krause)
Updated by Wouter Wolters almost 9 years ago
- Project changed from 1716 to TYPO3 Core
- Subject changed from XSS in PermissionAjaxController to Properly escape data in PermissionAjaxController
- Category deleted (OW-A07: Cross Site Scripting)
- Status changed from New to Accepted
- TYPO3 Version changed from 4.5 to 7
- Is Regression set to No
Properly escape data in PermissionAjaxController
Updated by Gerrit Code Review almost 9 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
Updated by Gerrit Code Review almost 9 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
Updated by Gerrit Code Review almost 9 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
Updated by Gerrit Code Review almost 9 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
Updated by Wouter Wolters almost 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 14f529788e6c4493746db958286fb3e8c68f04c8.