Skip to content
Snippets Groups Projects
Commit 056323e9 authored by Oliver Hader's avatar Oliver Hader Committed by Morton Jonuschat
Browse files

[SECURITY] XSS in belog module 

The username of a backend user and title of a workspace record
miss accordant escaping if being rendered in the belog module.

Since this has only impact on admin users in the backend, the
fix is handled in public instead of a security release.

Resolves: #72475
Releases: master, 7.6, 6.2
Change-Id: Ib165f8ef849a641984fc5fb834b30983f7b63a54
Reviewed-on: https://review.typo3.org/45519


Reviewed-by: default avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: default avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: default avatarMorton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: default avatarMorton Jonuschat <m.jonuschat@mojocode.de>
parent ae644175
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment