Actions
Bug #2382
closedNon-htmlescaped url(s)
Description
component.cbgroupjive.php line 2460:
$msg_link = '<a href="' . cbgjClass::getPluginURL( array( 'groups', 'join', $category->id, $group->id, $row->code ), null, false ) . '">' . CBTxt::T( 'here' ) . '</a>';
has false for param $htmlspecialchars, instead of true, so it's not escaped properly, causing potential vuln.
Please review all url outputs to html.
Actions