Project

General

Profile

Actions
Copy link

Bug #79753

closed

XSS in new image cropping wizard

Added by Sascha Egerer about 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Sascha Egerer
Category:
Backend User Interface
Target version:
8.6
Start date:
2017-02-10
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

The new image cropping wizard is vulnerable for a XSS attack.

Steps to reproduce:

  1. Upload a file
  2. Edit the file information and set the "title" of the file to Foo <script>alert(1);</script> Bar
  3. Save the file
  4. Create a new text media content element and add the file
  5. open the image cropper
Actions
Copy link
 #1

Updated by Gerrit Code Review about 7 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51633

Actions
Copy link
 #2

Updated by Gerrit Code Review about 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51633

Actions
Copy link
 #3

Updated by Gerrit Code Review about 7 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #4

Updated by Gerrit Code Review about 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #5

Updated by Gerrit Code Review about 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #6

Updated by Gerrit Code Review about 7 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #7

Updated by Gerrit Code Review about 7 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #8

Updated by Gerrit Code Review about 7 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #9

Updated by Gerrit Code Review about 7 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #10

Updated by Gerrit Code Review about 7 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #11

Updated by Gerrit Code Review about 7 years ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions
Copy link
 #12

Updated by Helmut Hummel about 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #13

Updated by Riccardo De Contardi over 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF