Details
- Bug
- Resolution: Fixed
- Critical
- 4.3.1
- None
Description
If a user enters HTML in his "Full name" while changing preferences, the HTML is rendered in the tree for the admin while browsing the users, allowing a malicious user to mount an attack on the admin session.
Issue Links
- is causing
  - MAGNOLIA-3308 HTML rendered / not escaped when entered in AdminCentral (Closed)
- is related to
  - MAGNOLIA-1897 HTML Tags in Page Titles Should Be Escaped in Admin Interface (Closed)