Project

General

Profile

Actions
Copy link

Bug #56296

closed

XSS in scheduler

Added by Georg Ringer about 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Wouter Wolters
Category:
-
Target version:
-
Start date:
2014-02-26
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

There is an xss in the scheduler

Public disclosure at http://1337day.com/exploit/21944

Files

xss-scheduler.diff (1.86 KB) xss-scheduler.diff against 6-1 core Georg Ringer, 2014-02-26 05:18
Actions
Copy link
 #1

Updated by Jigal van Hemert about 10 years ago

In current security master all cases in the patch are applied except for the one in the option value. Should we use htmlspecialchars there too?

Actions
Copy link
 #2

Updated by Wouter Wolters almost 9 years ago

  • Project changed from 1716 to TYPO3 Core
  • Category deleted (OW-A07: Cross Site Scripting)
  • Assignee set to Wouter Wolters
  • TYPO3 Version changed from 6.1 to 6.2
  • Is Regression set to No

Because this module is admin only we do this one in public.

Actions
Copy link
 #3

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40321

Actions
Copy link
 #4

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40383

Actions
Copy link
 #5

Updated by Wouter Wolters almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #6

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF