U4-7461 - xss vulnerability in content type editor

Created by Shannon Deminick 25 Nov 2015, 19:06:32 Updated by Matt Brailsford 01 Dec 2015, 12:12:26

Relates to: U4-7477

Relates to: U4-7459

Comments

Shannon Deminick 25 Nov 2015, 19:07:09

Currently you can save a template with a name:

">

and then if you navigate to the content type editor, this will trigger js.


Priority: Normal

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category: Security

Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.3.2

Sprint: Sprint 3

Story Points:

Cycle: