We have moved to GitHub Issues
Created by Sebastiaan Janssen 19 Aug 2012, 14:53:28 Updated by Sebastiaan Janssen 19 Apr 2013, 07:00:47
Relates to: U4-2122
If you save the following string "" in the field "name" of a document in the properties tab. This script will be executed every time the document is displayed in the content navigation tree (umbraco 4.7.0).
This can be used to compromise logins of cms users if an hacker manages to get this stored in the database (please note that packages or custom components have access to this field and can present a potential entry point for a hacker).
When could this be solved? And might there a simple solution available that we can use to patch this with?
''Originally created on CodePlex by [CollinM|http://www.codeplex.com/site/users/view/CollinM]'' on 11/14/2011 4:00:02 PM [Codeplex ID: 30580 - Codeplex Votes: 1]
Assignee: Shannon Deminick
Backwards Compatible: True
Affected versions: 4.8.0, 4.9.0, 4.10.0, 4.11.0, 6.0.0, 4.9.1, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 6.0.1, 4.11.5, 6.0.2, 4.11.6, 6.0.3
Due in version: 6.0.4, 4.11.7