Bug #46434: XSS in content element wizard - Core - TYPO3 Forge

Core Indexed Search Linkvalidator Release Cycles Team Resources Workspaces & Versioning TYPO3 CMS Usability Team Community Extensions Distributions Feature-Requests TYPO3 6.2 Projects (+)(Archived Projects)

Bug #46434

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

XSS in content element wizard

Added by Georg Ringer over 2 years ago. Updated 6 months ago.

Status:

Under Review

Start date:

2013-03-19

Priority:

Should have

Due date:

Assigned To:

% Done:

Category:

Spent time:

Target version:

TYPO3 Version:

6.1

Is Regression:

PHP Version:

Sprint Focus:

Complexity:

Description

set in page tsconfig

mod.wizards.newContentElement.wizardItems.common.elements.text.icon = ">xxxx<h1>xx</h1>EXT:news/ext_icon.gif

History

#1 Updated by Helmut Hummel over 1 year ago

Project changed from Core Security to Core
Category deleted (~~XSS~~)

TS-Config must be admin only. Can be fixed in regular bugfixing workflow

#2 Updated by Ingo Schmitt over 1 year ago

Parent task set to #55066
Is Regression set to No

#3 Updated by Gerrit Code Review 6 months ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

#4 Updated by Gerrit Code Review 6 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

#5 Updated by Gerrit Code Review 6 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Also available in: Atom PDF

Core

Issues

Custom queries