Bug #48692
closed
Properly escape data in PermissionAjaxController
Added by Franz G. Jahn almost 11 years ago.
Updated over 5 years ago.
Description
- /typo3/ajax.php in parameter Page and who (not easily exploitable as
the referer is checked, but still vulnerable and potentially exploitable
via redirect, a vector could be "75"><script>alert(1)</script>")
- Category set to OW-A07: Cross Site Scripting
- Status changed from New to Accepted
- Assignee set to Marcus Krause
- TYPO3 Version changed from 6.2 to 4.5
- Status changed from Accepted to New
- Assignee deleted (Marcus Krause)
- Project changed from 1716 to TYPO3 Core
- Subject changed from XSS in PermissionAjaxController to Properly escape data in PermissionAjaxController
- Category deleted (OW-A07: Cross Site Scripting)
- Status changed from New to Accepted
- TYPO3 Version changed from 4.5 to 7
- Is Regression set to No
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed