[ http://jira.magnolia-cms.com/browse/MAGNOLIA-3205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Haderka updated MAGNOLIA-3205: ---------------------------------- Fix Version/s: 4.3.x (was: 4.3.2) > Full name column in user tree renders full html > ----------------------------------------------- > > Key: MAGNOLIA-3205 > URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3205 > Project: Magnolia > Issue Type: Bug > Components: security > Affects Versions: 4.3.1 > Reporter: Jan Haderka > Assignee: Philipp Bärfuss > Priority: Critical > Fix For: 4.3.x > > > If user enters html in his "Full name" while changing preferences, the html > is rendered in the tree for admin while browsing the users allowing malicious > user to mount an attack on admin session. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.magnolia-cms.com/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com> ----------------------------------------------------------------