[
http://jira.magnolia-cms.com/browse/MAGNOLIA-3589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Haderka updated MAGNOLIA-3589:
----------------------------------
Fix Version/s: 4.5
(was: 5.0)
> Cross-site scripting vulnerabilities in the AdminCentral
> --------------------------------------------------------
>
> Key: MAGNOLIA-3589
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3589
> Project: Magnolia
> Issue Type: Bug
> Security Level: Public
> Components: admininterface, security
> Reporter: Philipp Bärfuss
> Assignee: Ondřej Chytil
> Priority: Critical
> Fix For: 4.3.9, 4.4.3, 4.5
>
>
> We mainly tested and fixed XSS issues in the templates of Magnolia (STK) as
> they are served to the public. Now we got a report listing all potential XSS
> vulnerabilities in the AdminCentral. This is less critical as a user has to
> be logged in before such an attack could happen. Nonetheless the issues
> should get removed.
>
> see the private report at: SUPPORT-915
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
