Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-26769

JavaScript injection in RichText fields - Possible XSS

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: Customer request
    • Component/s: None
    • Labels:

      Description

      Possible Javascript code injection inside ezrichtext using Firebug or similar in the alloy editor. right now there is no warning like in the ezpublish old Editor (screenshots are available)

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            ramzi.arfaoui@ez.no Ramzi Arfaoui
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days, 2 hours
                2d 2h