Closed (fixed)
Project:
Tarte au Citron
Version:
1.0.1
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
3 Jul 2023 at 14:31 UTC
Updated:
12 Sep 2023 at 08:39 UTC
Jump to comment: Most recent
Comments
Comment #4
klelostec commentedThanks a lot @prudloff.
I fixed this using the
Xss::filterAdmin()solution which seems better to me.This one prevents a malicious user from being able to exploit the XSS vulnerability if he is able to login with a user assigned to roles which are granted to the permission.
Comment #6
klelostec commentedComment #7
klelostec commentedComment #8
klelostec commentedComment #9
klelostec commented