Magnolia / MAGNOLIA-3205

Full name column in user tree renders full html

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 4.3.3, 4.4
    • 4.3.1
    • security
    • None

    Description

      If a user enters HTML in their "Full name" while changing preferences, the HTML is rendered in the tree for the admin while browsing the users, allowing a malicious user to mount an attack on the admin session.

              People

                ochytil Ondrej Chytil
                had Jan Haderka
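The rendering flaw described in this issue, next to an output-encoded form of the same cell, as an added example that is not Magnolia's own code or the fix that was committed. The class name, method names, markup and sample values are hypothetical.

```java
// Added illustration: hypothetical names, not Magnolia's tree implementation.
public class UserTreeCell {

    // Encode the characters that can change HTML structure in element text
    // or inside a quoted attribute value.
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Behaviour described in the report: the stored value reaches the
    // admin's browser as markup.
    static String renderCellUnsafe(String fullName) {
        return "<td class=\"fullName\">" + fullName + "</td>";
    }

    // Hardened form: the stored value is encoded at output time, in both
    // the attribute and the element text.
    static String renderCellSafe(String fullName) {
        String encoded = escapeHtml(fullName);
        return "<td class=\"fullName\" title=\"" + encoded + "\">" + encoded + "</td>";
    }

    public static void main(String[] args) {
        // Constructed sample values for a user's "Full name" preference.
        String[] samples = { "Jane Doe", "O'Brien & Sons", "<script>alert(1)</script>" };
        for (String name : samples) {
            System.out.println("unsafe: " + renderCellUnsafe(name));
            System.out.println("safe:   " + renderCellSafe(name));
        }
    }
}
```

Encoding at render time rather than only when the preference is saved also covers values that were stored before any input check existed.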