Bug #46434

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

XSS in content element wizard

Added by Georg Ringer over 2 years ago. Updated 6 months ago.

Status:Under Review Start date:2013-03-19
Priority:Should have Due date:
Assigned To:- % Done:

0%

Category:- Spent time: -
Target version:-
TYPO3 Version:6.1 Is Regression:No
PHP Version: Sprint Focus:
Complexity:

Description

set in page tsconfig

mod.wizards.newContentElement.wizardItems.common.elements.text.icon = ">xxxx<h1>xx</h1>EXT:news/ext_icon.gif

History

#1 Updated by Helmut Hummel over 1 year ago

  • Project changed from Core Security to Core
  • Category deleted (XSS)

TS-Config must be admin only. Can be fixed in regular bugfixing workflow

#2 Updated by Ingo Schmitt over 1 year ago

  • Parent task set to #55066
  • Is Regression set to No

#3 Updated by Gerrit Code Review 6 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

#4 Updated by Gerrit Code Review 6 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

#5 Updated by Gerrit Code Review 6 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Also available in: Atom PDF