Project

General

Profile

Actions

Bug #72475

closed

XSS in belog module

Added by Oliver Hader about 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2015-12-30
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.5
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The belog module, accessible for admin users, is vulnerable for XSS.

Requirements

a) create a backend user having the name

te<b>st</b>

b) create a workspace record having the title
work<b>space</b>

PoC

  • switch to the created user
  • switch to the create workspace
  • modify or create any content
  • open the log at System>Log and see the unescaped contents of the user and workspace

Files

72475.png (19.3 KB) 72475.png Oliver Hader, 2015-12-30 13:23
Actions #1

Updated by Oliver Hader about 8 years ago

Actions #2

Updated by Gerrit Code Review about 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/45502

Actions #3

Updated by Helmut Hummel about 8 years ago

  • Project changed from 1716 to TYPO3 Core
  • Category deleted (OW-A07: Cross Site Scripting)
  • Is Regression set to No

Users and Workspaces can only be created by admins, so it is fine to fix this in public

Actions #4

Updated by Gerrit Code Review about 8 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45519

Actions #5

Updated by Gerrit Code Review about 8 years ago

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45522

Actions #6

Updated by Oliver Hader about 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #7

Updated by Gerrit Code Review about 8 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45523

Actions #8

Updated by Oliver Hader about 8 years ago

  • Status changed from Under Review to Resolved
Actions #9

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF