Bug #64618
Updated by Sascha Egerer almost 10 years ago
XSS is possible if a FAL storage contains a file with a vulnerable file name.

How to reproduce:

1. Put a file named @" onmouseover="alert('ups')" data-baz=".txt@ onhover="alert('ups')" data-baz".txt@ into a folder in fileadmin.
2. Go to the backend and open the file module.
3. Go to the folder where you have stored your file.
4. Hover with your mouse over the icon in front of the file.

You should see an 'ups' message now, as there is sanitization missing at some point.

As discussed with the security team, this is not a security issue because it depends on direct filesystem/storage access.