[magnolia-dev] [JIRA] Updated: (MAGNOLIA-3205) Full name column in user tree renders full html

JIRA (on behalf of Jan Haderka) Fri, 04 Jun 2010 01:29:05 -0700


     [ 
http://jira.magnolia-cms.com/browse/MAGNOLIA-3205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jan Haderka updated MAGNOLIA-3205:
----------------------------------

    Fix Version/s: 4.3.x
                       (was: 4.3.2)

> Full name column in user tree renders full html
> -----------------------------------------------
>
>                 Key: MAGNOLIA-3205
>                 URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3205
>             Project: Magnolia
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 4.3.1
>            Reporter: Jan Haderka
>            Assignee: Philipp Bärfuss
>            Priority: Critical
>             Fix For: 4.3.x
>
>
> If user enters html in his "Full name" while changing preferences, the html 
> is rendered in the tree for admin while browsing the users allowing malicious 
> user to mount an attack on admin session.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira



----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------

[magnolia-dev] [JIRA] Updated: (MAGNOLIA-3205) Full name column in user tree renders full html

Reply via email to