Bug #64618
Possible XSS if you have direct access to the storage
Status: Closed
Priority: Should have
Category: File Abstraction Layer (FAL)
Start date: 2015-01-29
% Done: 100%
TYPO3 Version: 6.2
Is Regression: No
Description
XSS is possible if a FAL storage contains a file with a vulnerable file name.
How to reproduce:
1. Put a file named " onmouseover="alert('ups')" data-baz=".txt into a folder in fileadmin.
2. Go to the backend and open the file module.
3. Go to the folder where you have stored your file.
4. Hover over the icon in front of the file.
You should see an 'ups' message now, as sanitization is missing at some point.
As discussed with the security team, this is not a security issue because it depends on direct filesystem/storage access.
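The following is an added example, not code from the bug report or from TYPO3 itself. It models the attribute breakout the report describes: a file name that closes the `title` attribute early and smuggles in an `onmouseover` handler. The template string `<span class="t3-icon" title="...">` is a hypothetical stand-in for the icon markup the backend file module renders, not the real TYPO3 template, and the page does not say where the missing escaping actually sat. The hardened variant passes the name through `htmlspecialchars` with `ENT_QUOTES`, and `attributeNames()` uses the DOM extension to show which attributes a browser would actually see in each case. `findRiskyFileNames()` goes beyond the report and scans a directory for names that could break out of an attribute or tag if echoed unescaped, which is the practical check an administrator with storage access would run.

```php
<?php
// Added example (not TYPO3 code): how a crafted file name breaks out of an
// HTML attribute when rendered unescaped, and how escaping prevents it.
declare(strict_types=1);

// Constructed sample: the exact file name from the bug report.
const CRAFTED_NAME = '" onmouseover="alert(\'ups\')" data-baz=".txt';

// Vulnerable rendering: the raw name is concatenated into the title
// attribute. Hypothetical markup, standing in for whatever template lacked
// escaping in the TYPO3 6.2 file list.
function renderIconUnsafe(string $fileName): string
{
    return '<span class="t3-icon" title="' . $fileName . '"></span>';
}

// Hardened rendering: every untrusted value placed in an attribute is
// encoded with ENT_QUOTES so neither " nor ' can close the attribute early.
function renderIconSafe(string $fileName): string
{
    $escaped = htmlspecialchars($fileName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<span class="t3-icon" title="' . $escaped . '"></span>';
}

// Parse the markup the way a browser would and list the attributes the
// first <span> ends up with. A handler name here means the breakout worked.
function attributeNames(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML(
        '<!DOCTYPE html><html><body>' . $html . '</body></html>',
        LIBXML_NOERROR | LIBXML_NOWARNING
    );
    $span = $doc->getElementsByTagName('span')->item(0);
    $names = [];
    foreach ($span->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Scan a storage directory (e.g. fileadmin) for names containing characters
// that can break out of an HTML attribute or tag when echoed unescaped.
function findRiskyFileNames(string $dir): array
{
    $risky = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iterator as $file) {
        if (preg_match('/["\'<>&]/', $file->getFilename())) {
            $risky[] = $file->getPathname();
        }
    }
    return $risky;
}

// Usage: php xss-filename-demo.php [directory-to-scan]
$unsafe = renderIconUnsafe(CRAFTED_NAME);
$safe   = renderIconSafe(CRAFTED_NAME);
echo "unsafe markup: $unsafe\n";
echo "  attributes seen by the parser: " . implode(', ', attributeNames($unsafe)) . "\n";
echo "safe markup:   $safe\n";
echo "  attributes seen by the parser: " . implode(', ', attributeNames($safe)) . "\n";

$dir = $argv[1] ?? null;
if ($dir !== null && is_dir($dir)) {
    foreach (findRiskyFileNames($dir) as $path) {
        echo "risky file name: $path\n";
    }
}
```

For the unsafe markup the parser reports `class, title, onmouseover, data-baz`; for the escaped markup it reports only `class, title`, with the whole crafted name sitting harmlessly inside the title value. The scan is deliberately broad: a name containing `&` cannot inject markup on its own, but it will be mangled by naive output and is worth flagging alongside the quote and angle-bracket cases.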