Bug #2385: not htmlescaped inputs - CB GroupJive - Joomlapolis forge

Actions

Copy link

Bug #2385

closed

not htmlescaped inputs

Bug #2385: not htmlescaped inputs

Added by beat almost 15 years ago. Updated almost 15 years ago.

Status:

Closed

Priority:

Normal

Assignee:

beat

Target version:

2.0

Start date:

08 March 2011

Due date:

% Done:

100%

Estimated time:

Description

cbgroupjive.class.php line 2424:

        return '<input type="text" id="' . $id . '" name="' . $id . '" value="' . $value . '" class="' . $class . '" size="' . $size . '" onchange="' . $onchange . '" />';

This unhtmlescaped vlaue results in a backend XSS vulnerability on searches, at very least.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Incubator » CB GroupJive

Custom queries

Bug #2385

not htmlescaped inputs

Updated by beat almost 15 years ago Actions
Copy link
#1

Updated by krileon almost 15 years ago Actions
Copy link
#2

Updated by krileon almost 15 years ago Actions
Copy link
#3

Project

General

Profile

Incubator » CB GroupJive

Custom queries

Bug #2385

not htmlescaped inputs

Updated by beat almost 15 years ago ActionsCopy link #1

Updated by krileon almost 15 years ago ActionsCopy link #2

Updated by krileon almost 15 years ago ActionsCopy link #3

Updated by beat almost 15 years ago Actions
Copy link
#1

Updated by krileon almost 15 years ago Actions
Copy link
#2

Updated by krileon almost 15 years ago Actions
Copy link
#3