Bug 58311 - sanitization/escaping in univention-portal components
Summary: sanitization/escaping in univention-portal components
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Portal
Version: UCS 5.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.2-1-errata
Assignee: Christian Castens
QA Contact: Iván.Delgado
URL: https://git.knut.univention.de/univen...
 
Reported: 2025-05-20 13:50 CEST by Christian Castens
Modified: 2025-05-28 13:40 CEST (History)

Description Christian Castens univentionstaff 2025-05-20 13:50:40 CEST
Bug for sanitization/escaping of univention-portal components

Comment 2 Christian Castens univentionstaff 2025-05-22 18:30:36 CEST
univention-portal.yaml
42ac83922bc8 | Bug #58311: sanitize descriptions for different components

univention-portal (6.1.1)
42ac83922bc8 | Bug #58311: sanitize descriptions for different components

HTML content in tooltips and notifications within the Portal is now sanitized to prevent XSS vulnerabilities.

Comment 3 Iván.Delgado univentionstaff 2025-05-23 12:53:38 CEST
QA:
 Code review: OK
 Functional: OK
 URL is properly rendered in notifications: OK

Comment 4 Christian Castens univentionstaff 2025-05-28 13:40:37 CEST
<https://errata.software-univention.de/#/?erratum=5.2x118>