Bug #48692: Properly escape data in PermissionAjaxController - TYPO3 Core - TYPO3 Forge

Custom queries

12 LTS
Accessibility
Dashboard issues
Easy tasks
Extbase Issues
FAL Issues
FAL Sprint 2023
Hierarchical Issues
Issues reported for v11
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
Most wanted Bugfixes
Most wanted Features
My open issues
New & Unassigned
No feedback within 90 days
Open Bugs
Open issues of 10
Page Tree Regressions after 2020-07-28
Recently modified
Regressions
Stabilization Issues
Usability or UX

Actions

Copy link

Bug #48692

closed

Properly escape data in PermissionAjaxController

Added by Franz G. Jahn almost 11 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Target version:

Start date:

2013-05-31

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

/typo3/ajax.php in parameter Page and who (not easily exploitable as
the referer is checked, but still vulnerable and potentially exploitable
via redirect, a vector could be "75"><script>alert(1)</script>")

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Franz G. Jahn almost 11 years ago

Category set to OW-A07: Cross Site Scripting

Actions

Copy link

Updated by Marcus Krause over 10 years ago

Status changed from New to Accepted
Assignee set to Marcus Krause
TYPO3 Version changed from 6.2 to 4.5

to be tested

Actions

Copy link

Updated by Marcus Krause over 10 years ago

Status changed from Accepted to New
Assignee deleted (~~Marcus Krause~~)

Actions

Copy link

Updated by Wouter Wolters almost 9 years ago

Project changed from 1716 to TYPO3 Core
Subject changed from XSS in PermissionAjaxController to Properly escape data in PermissionAjaxController
Category deleted (~~OW-A07: Cross Site Scripting~~)
Status changed from New to Accepted
TYPO3 Version changed from 4.5 to 7
Is Regression set to No

Properly escape data in PermissionAjaxController

Actions

Copy link

Updated by Gerrit Code Review almost 9 years ago

Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions

Copy link

Updated by Gerrit Code Review almost 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions

Copy link

Updated by Gerrit Code Review almost 9 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions

Copy link

Updated by Gerrit Code Review almost 9 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40328

Actions

Copy link