[SECURITY] XSS in beuser VH 18/26218/2
authorAnja Leichsenring <aleichsenring@ab-softlab.de>
Tue, 10 Dec 2013 09:54:34 +0000 (10:54 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 10 Dec 2013 09:54:38 +0000 (10:54 +0100)
commit1b62669168fd2202c31fc22b68acc50fd7b5682f
treee198feee5979b9505a97d93edc30ebd2d48b95db
parentdb9563ca7096926b0731a5ae5648d3f2c15c9e79
[SECURITY] XSS in beuser VH

The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.

Change-Id: I0dadb03105d3eaa520f10f0375a46c83fa56c269
Fixes: #47086
Releases: 6.2, 6.1, 6.0
Security-Commit: 1e0f51f204efd9efacec8aef8ea08e2a8122177b
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26218
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/beuser/Classes/ViewHelpers/Display/PagesViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysFileMountsViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysLanguageViewHelper.php