Bug #64618

Possible XSS if you have direct access to the storage

Added by Sascha Egerer almost 10 years ago. Updated about 6 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: File Abstraction Layer (FAL)
Target version:
Start date: 2015-01-29
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 6.2
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

XSS is possible if a FAL storage contains a file with a vulnerable file name.

How to reproduce:

1. Put a file named " onmouseover="alert('ups')" data-baz=".txt into a folder in fileadmin.
2. Go to the backend and open the file module.
3. Go to the folder where you have stored your file.
4. Hover with your mouse over the icon in front of the file.

You should see an 'ups' message now, as sanitization is missing at some point.

As discussed with the security team, this is not a security issue because it depends on direct filesystem/storage access.
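The defect described in the report, reduced to its essence, is a file name written into an HTML attribute without escaping for that context. The following PHP script is an added illustration for this issue and is not TYPO3's own code: renderIconVulnerable(), renderIconEscaped() and attributeNames() are hypothetical helpers standing in for "write a file name into the icon markup of the backend file list". It renders the file name from the report both ways and parses the result as a browser would, so the extra attributes produced by the break-out become visible as data rather than as a tooltip you have to hover over.

```php
<?php
declare(strict_types=1);

// Added illustration for bug #64618; not TYPO3 code. The helper names are
// hypothetical and only model "file name goes into the icon markup".

// Constructed sample: the file name given in the report.
const SAMPLE_NAME = '" onmouseover="alert(\'ups\')" data-baz=".txt';

// Mirrors the reported defect: the raw name lands inside a title attribute.
function renderIconVulnerable(string $fileName): string
{
    return '<span class="t3-icon" title="' . $fileName . '"></span>';
}

// Hardened form: escape for the HTML attribute context first. ENT_QUOTES is
// what matters here, since the break-out relies on a double quote; without
// it htmlspecialchars() would leave the quote alone.
function renderIconEscaped(string $fileName): string
{
    $safe = htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8');
    return '<span class="t3-icon" title="' . $safe . '"></span>';
}

// Check usable in a unit test or a review: parse the markup the way a
// browser would and return the attributes the span really ends up with,
// name => decoded value. A name that broke out of its attribute shows up as
// attributes the template never wrote.
function attributeNames(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    $span = $doc->getElementsByTagName('span')->item(0);
    $attrs = [];
    foreach ($span->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

$variants = [
    'vulnerable' => renderIconVulnerable(SAMPLE_NAME),
    'escaped'    => renderIconEscaped(SAMPLE_NAME),
];

foreach ($variants as $label => $html) {
    $attrs = attributeNames($html);
    printf("%-10s %s\n", $label, $html);
    printf("%-10s attributes seen by the parser: %s\n", '', implode(', ', array_keys($attrs)));
    // The escaped variant still shows the real file name as the tooltip,
    // so escaping costs nothing in functionality.
    printf("%-10s title value equals the file name: %s\n", '',
        (($attrs['title'] ?? null) === SAMPLE_NAME) ? 'yes' : 'no');
}
```

Run with `php example.php`. The vulnerable render picks up onmouseover and data-baz as real attributes of the span, while the escaped render carries only class and title, and its decoded title value round-trips to the original file name. The security team's assessment that storage access is a precondition is a statement about who can plant the file, not about the renderer: anything read back from a storage is input to the HTML layer, so the attribute-context escaping belongs in the template regardless, and a test like attributeNames() is a cheap way to keep it there.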