It's not a bug, it's a missing feature. bugs.TYPO3.org

Viewing Issue Simple Details
ID: 0012305
Category: [- TYPO3 Core -] Default
Severity: major
Reproducibility: always
Date Submitted: 22.10.09 10:15
Last Update: 22.10.09 10:19
Reporter: Ernesto Baschny
View Status: public
Assigned To: Ernesto Baschny
Priority: normal
Resolution: fixed
Status: resolved
Product Version: 4.2.9
Summary: 0012305: tfID GET variable used in view_help.php is not sanitized and therefore susceptible to XSS
Description: Sanitize tfID before using it.
Additional Information:
  Reporter: Jelmer de Hen
  Security Team OTRS reference: 2009060310000056
Tags: No tags attached.
Has patch: yes
Patch is reviewed: yes
PHP Version: 5.2
TYPO3 Version: 4.3

-  Notes
(0031510)
Ernesto Baschny (developer)
22.10.09 10:19

Committed to:
trunk (rev.6238 = beta2)
TYPO3_4-2 (rev.6239 = 4.2.10)
TYPO3_4-1 (rev.6240 = 4.1.11)

- Issue History
Date Modified Username Field Change
22.10.09 10:15 Ernesto Baschny New Issue
22.10.09 10:15 Ernesto Baschny Has patch => yes
22.10.09 10:15 Ernesto Baschny Patch is reviewed => yes
22.10.09 10:15 Ernesto Baschny PHP Version => 5.2
22.10.09 10:15 Ernesto Baschny TYPO3 Version => 4.3
22.10.09 10:16 Ernesto Baschny Relationship added duplicate of 0011615
22.10.09 10:19 Ernesto Baschny Note Added: 0031510
22.10.09 10:19 Ernesto Baschny Status new => resolved
22.10.09 10:19 Ernesto Baschny Fixed in Version => 4.2.10
22.10.09 10:19 Ernesto Baschny Resolution open => fixed
22.10.09 10:19 Ernesto Baschny Assigned To => Ernesto Baschny