Skip to content
Snippets Groups Projects
Commit db9563ca authored by Anja Leichsenring's avatar Anja Leichsenring Committed by Oliver Hader
Browse files

[SECURITY] Remove possible XSS from ActionController Error output 

As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::errorAction() method
could lead to a cross side scripting possibility.

The offending output has been removed without substitution.

Change-Id: I01385c54bb384a86fc6428f67171e7010b821cc2
Fixes: #54074
Releases: 6.2, 6.1, 6.0, 4.7. 4,5
Security-Commit: ec947ba22bd673827899c5e82857b293dff8b4b0
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26217
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
parent 4d44daa0
Branches
Tags
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment