Project

General

Profile

Actions

Bug #56296

closed

XSS in scheduler

Added by Georg Ringer over 10 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Category:
-
Target version:
-
Start date:
2014-02-26
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

There is an xss in the scheduler

Public disclosure at http://1337day.com/exploit/21944


Files

xss-scheduler.diff (1.86 KB) xss-scheduler.diff against 6-1 core Georg Ringer, 2014-02-26 05:18
Actions #1

Updated by Jigal van Hemert over 10 years ago

In current security master all cases in the patch are applied except for the one in the option value. Should we use htmlspecialchars there too?

Actions #2

Updated by Wouter Wolters over 9 years ago

  • Project changed from 1716 to TYPO3 Core
  • Category deleted (OW-A07: Cross Site Scripting)
  • Assignee set to Wouter Wolters
  • TYPO3 Version changed from 6.1 to 6.2
  • Is Regression set to No

Because this module is admin only we do this one in public.

Actions #3

Updated by Gerrit Code Review over 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40321

Actions #4

Updated by Gerrit Code Review over 9 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40383

Actions #5

Updated by Wouter Wolters over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #6

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF