Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 4.3.3, 4.4
Affects Version/s: 4.3.1
Component/s: security
Labels:
None

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less
Bug DoR:

show more show less

If user enters html in his "Full name" while changing preferences, the html is rendered in the tree for admin while browsing the users allowing malicious user to mount an attack on admin session.

Acceptance criteria

is causing

MAGNOLIA-3308 HTML rendered / not escaped when entered in AdminCentral

Closed

is related to

MAGNOLIA-1897 HTML Tags in Page Titles Should Be Escaped in Admin Interface

Closed

Assignee:: Ondrej Chytil

Reporter:: Jan Haderka

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 20/May/10 9:59 AM

Updated:: 13/Mar/12 9:11 AM

Resolved:: 28/Jun/10 11:22 AM

Date of First Response:: 13/Mar/12 9:11 AM

Bug DoR

Task DoD

Details

Description

Checklists

Attachments

Issue Links

Activity

People

Dates

Checklists