Project

General

Profile

Actions

Bug #2385

closed

not htmlescaped inputs

Added by beat over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
08 March 2011
Due date:
% Done:

100%

Estimated time:

Description

cbgroupjive.class.php line 2424:

        return '<input type="text" id="' . $id . '" name="' . $id . '" value="' . $value . '" class="' . $class . '" size="' . $size . '" onchange="' . $onchange . '" />';

This unhtmlescaped vlaue results in a backend XSS vulnerability on searches, at very least.


Related issues 1 (0 open1 closed)

Related to CB GroupJive - Bug #2380: Missing htmlspecialchars in html outputClosedbeat08 March 2011

Actions
Actions #1

Updated by beat over 11 years ago

admin.cbgroupjive.html.php has many unescaped outputs, giving potential injections: e.g.:

'<td><a href="javascript: void(0);" onclick="' . $editJs . '">' . $row->name . '</a></td>'

could be safer as (admitting that $editJs is safe::

'<td><a href="javascript: void(0);" onclick="' . $editJs . '">' . htmlspecialchars( $row->name ) . '</a></td>'
Actions #2

Updated by krileon over 11 years ago

  • Status changed from New to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 0 to 100

Fixed with r1607

Actions #3

Updated by krileon over 11 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF