Bug #2385
closed
Added by beat about 13 years ago.
Updated about 13 years ago.
Description
cbgroupjive.class.php line 2424:
return '<input type="text" id="' . $id . '" name="' . $id . '" value="' . $value . '" class="' . $class . '" size="' . $size . '" onchange="' . $onchange . '" />';
This unhtmlescaped vlaue results in a backend XSS vulnerability on searches, at very least.
admin.cbgroupjive.html.php has many unescaped outputs, giving potential injections: e.g.:
'<td><a href="javascript: void(0);" onclick="' . $editJs . '">' . $row->name . '</a></td>'
could be safer as (admitting that $editJs is safe::
'<td><a href="javascript: void(0);" onclick="' . $editJs . '">' . htmlspecialchars( $row->name ) . '</a></td>'
- Status changed from New to Resolved
- Assignee changed from krileon to beat
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF
Updated by 
Updated by