Cross-site scripting vulnerabilities in the AdminCentral
--------------------------------------------------------
Key: MAGNOLIA-3589
URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3589
Project: Magnolia
Issue Type: Bug
Components: admininterface, security
Reporter: Philipp Bärfuss
Assignee: Ondřej Chytil
Priority: Critical
Fix For: 4.4.3
We mainly tested and fixed XSS issues in the templates of Magnolia (STK) as
they are served to the public. Now we got a report listing all potential XSS
vulnerabilities in the AdminCentral. This is less critical as a user has to be
logged in before such an attack could happen. Nonetheless the issues should get
removed.
see the private report at: SUPPORT-915
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
