Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-26769

JavaScript injection in RichText fields - Possible XSS

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • Customer request
    • 1.6.0
    • None

    Description

      Possible Javascript code injection inside ezrichtext using Firebug or similar in the alloy editor. right now there is no warning like in the ezpublish old Editor (screenshots are available)

      Attachments

        1. 62_Screenshot.PNG
          62_Screenshot.PNG
          170 kB
        2. warning_in_previous_ezpublish_version.png
          warning_in_previous_ezpublish_version.png
          166 kB

        Activity

          People

            Unassigned Unassigned
            ramzi.arfaoui-obsolete@ez.no Ramzi Arfaoui (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days, 2 hours
                2d 2h