-
Bug
-
Resolution: Fixed
-
Critical
-
4.3.1
-
None
If user enters html in his "Full name" while changing preferences, the html is rendered in the tree for admin while browsing the users allowing malicious user to mount an attack on admin session.
Acceptance criteria
- is causing
-
MAGNOLIA-3308 HTML rendered / not escaped when entered in AdminCentral
- Closed
- is related to
-
MAGNOLIA-1897 HTML Tags in Page Titles Should Be Escaped in Admin Interface
- Closed