Bug #64618
Status: Closed
Possible XSS if you have direct access to the storage
% Done: 100%
Description
XSS is possible if a FAL storage contains a file with a vulnerable file name.
How to reproduce:
1. Put a file named " onmouseover="alert('ups')" data-baz=".txt into a folder in fileadmin.
2. Go to the backend and open the file module.
3. Go to the folder where you have stored your file.
4. Hover with your mouse over the icon in front of the file.
You should see an 'ups' message now, as there is sanitization missing at some point.
As discussed with the security team, this is not a security issue because it depends on direct filesystem/storage access.
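To show what the reported file name does to the markup, here is an added example (not code from the report or from TYPO3): two hypothetical renderings of the icon's title attribute, one that concatenates the file name unescaped (standing in for whatever sanitization was missing; the report does not say where) and one that escapes it for an attribute context, plus a simplified attribute tokenizer that splits the result the way a browser would. The function and class names are assumptions; the file name is the one from the report.

```python
import html
import re

# File name from the bug report, as it would sit on disk under fileadmin/.
REPORTED_NAME = '" onmouseover="alert(\'ups\')" data-baz=".txt'


def render_icon_unescaped(filename: str) -> str:
    """Vulnerable rendering (hypothetical stand-in for the missing sanitization):
    the file name is concatenated straight into a double-quoted attribute value,
    so a " in the name ends the title attribute and everything after it becomes
    further attributes of the element."""
    return '<span class="t3-icon" title="' + filename + '"></span>'


def render_icon_escaped(filename: str) -> str:
    """Hardened rendering: escape for an HTML attribute context.
    html.escape(..., quote=True) corresponds to PHP's htmlspecialchars()
    with ENT_QUOTES: &, <, >, " and ' are all neutralised."""
    return '<span class="t3-icon" title="' + html.escape(filename, quote=True) + '"></span>'


_TAG_RE = re.compile(r'<span\s+([^>]*)>')
_ATTR_RE = re.compile(r'([A-Za-z][\w-]*)="([^"]*)"')


def tag_attributes(markup: str) -> dict:
    """Simplified tokenizer for the attribute list of the first <span>.
    Double-quoted values only, which is enough to show how a browser
    would split the injected string into separate attributes."""
    m = _TAG_RE.search(markup)
    if not m:
        return {}
    return dict(_ATTR_RE.findall(m.group(1)))


def event_handlers(markup: str) -> list:
    """Attribute names starting with 'on', i.e. inline handlers a browser would run."""
    return sorted(k for k in tag_attributes(markup) if k.lower().startswith('on'))


def decoded_title(markup: str) -> str:
    """The title attribute as the browser would display it after entity decoding."""
    return html.unescape(tag_attributes(markup).get('title', ''))


if __name__ == '__main__':
    for label, render in (('unescaped', render_icon_unescaped),
                          ('escaped', render_icon_escaped)):
        out = render(REPORTED_NAME)
        print(label, out)
        print('  handlers:', event_handlers(out))
        print('  title   :', decoded_title(out))
```

With the unescaped renderer the tokenizer reports an `onmouseover` attribute and an empty title; with the escaped renderer there is no handler, and the decoded title is the original file name, so nothing is lost for the user by escaping. The same rule applies to every place a file or folder name reaches the backend markup (the link text, the `title`, any `data-*` attribute): escape for the context at output time rather than trying to filter names on the way into storage.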
Updated by Gerrit Code Review almost 10 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36391
Updated by Gerrit Code Review almost 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36391
Updated by Anonymous almost 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 4347ca0436cb9a2cb160c8c3428e8b384c9b645c.
Updated by Anja Leichsenring almost 9 years ago
- Sprint Focus deleted (On Location Sprint)