[SECURITY] XSS in beuser VH 08/26208/2
authorAnja Leichsenring <aleichsenring@ab-softlab.de>
Tue, 10 Dec 2013 09:53:41 +0000 (10:53 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 10 Dec 2013 09:53:44 +0000 (10:53 +0100)
commit18e049185f59f75ead70944325001db48e3ed017
tree7057f2d59cedd7b3e7468f97c9d3c3d0ebf13950
parentcbbeefd9236deb70ac7d17edb747d0a8b970e2c5
[SECURITY] XSS in beuser VH

The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.

Change-Id: I6b991e3cc3807551792e447c5ebe9bcdfe0cecc3
Fixes: #47086
Releases: 6.2, 6.1, 6.0
Security-Commit: 55d5ed4aa9e9c9887f978645b68ff66cb5c8d2ec
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26208
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/beuser/Classes/ViewHelpers/Display/PagesViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysFileMountsViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysLanguageViewHelper.php