Actions
Bug #2385
closednot htmlescaped inputs
Description
cbgroupjive.class.php line 2424:
return '<input type="text" id="' . $id . '" name="' . $id . '" value="' . $value . '" class="' . $class . '" size="' . $size . '" onchange="' . $onchange . '" />';
This unhtmlescaped vlaue results in a backend XSS vulnerability on searches, at very least.
Updated by beat almost 14 years ago
admin.cbgroupjive.html.php has many unescaped outputs, giving potential injections: e.g.:
'<td><a href="javascript: void(0);" onclick="' . $editJs . '">' . $row->name . '</a></td>'
could be safer as (admitting that $editJs is safe::
'<td><a href="javascript: void(0);" onclick="' . $editJs . '">' . htmlspecialchars( $row->name ) . '</a></td>'
Updated by krileon almost 14 years ago
- Status changed from New to Resolved
- Assignee changed from krileon to beat
- % Done changed from 0 to 100
Fixed with r1607
Actions