Bug #84191
Updated by Helmut Hummel about 6 years ago
The page module, when selecting the rootpage, show $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], but fails to properly html encode the value. Thanks to Pradeep Jairamani for reporting that privately to security@typo3.org Although this can be considered as stored XSS vulnerability, we can follow our policy to handle this case in public, because it is only exploitable by admins. value