[SECURITY] Encode passed arguments in Fluid view helpers (6a972407) · Commits · TYPO3 / TYPO3.CMS

Commit 6a972407 authored 4 years ago by

Oliver Hader Committed by Oliver Hader 4 years ago

[SECURITY] Encode passed arguments in Fluid view helpers

* XSS in `f:be.labels.csh` in argument `label`
* XSS in `f:be.menus.actionMenu` in argument `label`
* XSS in `f:form` in argument `fieldNamePrefix`

Resolves: #92602
Releases: master, 10.4, 9.5
Change-Id: I7574bfb60eb2e11ecfb98d187f2edd580f43cd93
Security-Bulletin: TYPO3-CORE-SA-2020-010
Security-References: CVE-2020-26227
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66663


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

parent 0228e371

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 255 additions and 16 deletions

Please register or to comment