Actions
Bug #2382
closedNon-htmlescaped url(s)
Description
component.cbgroupjive.php line 2460:
$msg_link = '<a href="' . cbgjClass::getPluginURL( array( 'groups', 'join', $category->id, $group->id, $row->code ), null, false ) . '">' . CBTxt::T( 'here' ) . '</a>';
has false for param $htmlspecialchars, instead of true, so it's not escaped properly, causing potential vuln.
Please review all url outputs to html.
Updated by krileon almost 14 years ago
- Status changed from New to Resolved
- Assignee changed from krileon to beat
- % Done changed from 0 to 100
Fixed in r1612
Actions