Bug #79753: XSS in new image cropping wizard - TYPO3 Core - TYPO3 Forge

Custom queries

Accessibility
Easy tasks
Forge Triage
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
My open issues
No feedback within 90 days
Open Bugs
Open issues of 10
Recently modified
Regressions
Stabilization Issues
Usability or UX

Actions

Copy link

Bug #79753

closed

XSS in new image cropping wizard

Added by Sascha Egerer almost 8 years ago. Updated about 7 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Sascha Egerer

Category:

Backend User Interface

Target version:

8.6

Start date:

2017-02-10

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

easy

Is Regression:

Sprint Focus:

Description

The new image cropping wizard is vulnerable for a XSS attack.

Steps to reproduce:

Upload a file
Edit the file information and set the "title" of the file to Foo <script>alert(1);</script> Bar
Save the file
Create a new text media content element and add the file
open the image cropper

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51633

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51633

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

Updated by Gerrit Code Review almost 8 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

#10

Updated by Gerrit Code Review almost 8 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

#11

Updated by Gerrit Code Review almost 8 years ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51642

Actions

Copy link

#12