Bug #64618

Possible XSS if you have direct access to the storage

Added by Sascha Egerer about 9 years ago. Updated over 5 years ago.

Status: Closed
Priority: Should have
Category: File Abstraction Layer (FAL)
Start date: 2015-01-29
% Done: 100%
TYPO3 Version: 6.2
Is Regression: No

Description

XSS is possible if a FAL storage contains a file with a vulnerable file name.

How to reproduce:

1. Put a file named " onmouseover="alert('ups')" data-baz=".txt into a folder in fileadmin.
2. Go to the backend and open the file module.
3. Go to the folder where you have stored your file.
4. Hover with your mouse over the icon in front of the file.

You should see an 'ups' message now, as there is a sanitization missing at some point.

As discussed with the security team, this is not a security issue because it depends on direct filesystem/storage access.
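
The defect class the reproduction steps above exercise, as an added example that is not TYPO3's code and not the patch from review 36391: a file name is interpolated into the `title="..."` attribute of the file icon without attribute-context escaping, so the leading double quote in the name closes the attribute and the rest of the name becomes an `onmouseover` handler. The example renders the same markup unescaped and escaped, parses both the way a browser would to show which attributes actually result, and adds the check an administrator with storage access would want, a scan for file names that can break out of an attribute. The `<span class="t3-icon">` markup, the function names and the `UNSAFE_CHARS` set are this example's own assumptions; `html.escape(..., quote=True)` is the Python standard-library counterpart of PHP's `htmlspecialchars` with quoting enabled.

```python
"""Attribute-context escaping of FAL file names rendered into backend HTML.

Added example, not TYPO3's own code: it models the defect behind bug #64618
(a file name whose embedded double quote closes the icon's title="..."
attribute and injects an onmouseover handler) next to the escaped form.
Function names, the <span class="t3-icon"> markup and UNSAFE_CHARS are this
example's own assumptions.
"""
import html
import os
from html.parser import HTMLParser

# Constructed input, taken from the report's reproduction steps.
MALICIOUS_NAME = '" onmouseover="alert(\'ups\')" data-baz=".txt'

# Characters that change HTML context when interpolated unescaped.
UNSAFE_CHARS = frozenset('<>"\'&')


def render_icon_vulnerable(filename):
    """Interpolate the raw file name into an attribute: the bug."""
    return '<span class="t3-icon" title="%s"></span>' % filename


def render_icon_escaped(filename):
    """Escape for attribute context: " -> &quot;, ' -> &#x27;, & -> &amp;."""
    return '<span class="t3-icon" title="%s"></span>' % html.escape(filename, quote=True)


class _FirstTagAttrs(HTMLParser):
    """Collect the attributes of the first start tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            # attrs arrives as (name, value) pairs with entities already decoded
            self.attrs = dict(attrs)


def parsed_attributes(markup):
    """Parse markup as a browser would and return the first tag's attributes."""
    parser = _FirstTagAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def flag_unsafe_names(names):
    """Return the file names that contain attribute-breaking characters."""
    return [name for name in names if UNSAFE_CHARS & set(name)]


def scan_storage(root):
    """Walk a storage directory (for example fileadmin) and list unsafe names."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if UNSAFE_CHARS & set(name):
                found.append(os.path.join(dirpath, name))
    return found


if __name__ == "__main__":
    for label, render in (("vulnerable", render_icon_vulnerable),
                          ("escaped", render_icon_escaped)):
        markup = render(MALICIOUS_NAME)
        print(label, markup)
        print("  attributes:", sorted(parsed_attributes(markup)))
```

In the unescaped variant the parser sees four attributes, including `onmouseover`; in the escaped variant it sees only `class` and `title`, and the title decodes back to the original file name, so the name is displayed faithfully without being interpreted. `scan_storage()` is the check that matches the report's threat model: since the issue only applies to whoever already has write access to the storage, the useful control is to audit that storage for such names rather than to rely on the backend view alone.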

Actions #1

Updated by Sascha Egerer about 9 years ago

  • Description updated (diff)
Actions #2

Updated by Gerrit Code Review about 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36391

Actions #3

Updated by Gerrit Code Review about 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36391

Actions #4

Updated by Anonymous about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #5

Updated by Anja Leichsenring about 8 years ago

  • Sprint Focus deleted (On Location Sprint)
Actions #6

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed