Bug #48692

closed

Properly escape data in PermissionAjaxController

Added by Franz G. Jahn almost 11 years ago. Updated over 5 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2013-05-31
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 7
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

  • /typo3/ajax.php in parameter Page and who (not easily exploitable as
    the referer is checked, but still vulnerable and potentially exploitable
    via redirect, a vector could be "75"><script>alert(1)</script>")
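
The escaping problem reported above, as an added example that is not TYPO3's code and not the patch from the review: request values written into quoted HTML attributes, first as-is and then validated and escaped at output. The markup, the function names and the allow-list for `who` are assumptions; only the parameter names and the sample value come from the description.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text and for quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical "before": request values concatenated into attributes as-is.
function renderOwnerFieldUnescaped(array $params): string
{
    return '<input type="hidden" name="page" value="' . $params['page'] . '">'
        . '<span class="' . $params['who'] . '"></span>';
}

// Hypothetical "after": check each value against its expected type, then escape at output.
function renderOwnerFieldEscaped(array $params): string
{
    $page = filter_var($params['page'] ?? '', FILTER_VALIDATE_INT);
    if ($page === false || $page < 0) {
        throw new InvalidArgumentException('page must be a non-negative integer');
    }
    $who = $params['who'] ?? null;
    if (!in_array($who, ['user', 'group'], true)) { // assumed allow-list
        throw new InvalidArgumentException('unexpected value for who');
    }
    return '<input type="hidden" name="page" value="' . e((string)$page) . '">'
        . '<span class="' . e($who) . '"></span>';
}

// Sample value taken from the issue description.
$reported = '75"><script>alert(1)</script>';

// Unescaped: the quote ends the attribute and the rest is parsed as markup.
echo renderOwnerFieldUnescaped(['page' => $reported, 'who' => 'user']), PHP_EOL;

// Escaping alone keeps the whole value inside the attribute.
echo e($reported), PHP_EOL;

// With validation in front, the request is rejected before markup is built.
try {
    renderOwnerFieldEscaped(['page' => $reported, 'who' => 'user']);
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), PHP_EOL;
}
echo renderOwnerFieldEscaped(['page' => '75', 'who' => 'group']), PHP_EOL;
```
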
Actions #1

Updated by Franz G. Jahn almost 11 years ago

  • Category set to OW-A07: Cross Site Scripting
Actions #2

Updated by Marcus Krause over 10 years ago

  • Status changed from New to Accepted
  • Assignee set to Marcus Krause
  • TYPO3 Version changed from 6.2 to 4.5

to be tested

Actions #3

Updated by Marcus Krause over 10 years ago

  • Status changed from Accepted to New
  • Assignee deleted (Marcus Krause)
Actions #4

Updated by Wouter Wolters almost 9 years ago

  • Project changed from 1716 to TYPO3 Core
  • Subject changed from XSS in PermissionAjaxController to Properly escape data in PermissionAjaxController
  • Category deleted (OW-A07: Cross Site Scripting)
  • Status changed from New to Accepted
  • TYPO3 Version changed from 4.5 to 7
  • Is Regression set to No

Properly escape data in PermissionAjaxController

Actions #5

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions #6

Updated by Gerrit Code Review almost 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions #7

Updated by Gerrit Code Review almost 9 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions #8

Updated by Gerrit Code Review almost 9 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions #9

Updated by Wouter Wolters almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #10

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed