Project

General

Profile

Actions

Bug #2385

closed

not htmlescaped inputs

Added by beat over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
08 March 2011
Due date:
% Done:

100%

Estimated time:

Description

cbgroupjive.class.php line 2424:

        return '<input type="text" id="' . $id . '" name="' . $id . '" value="' . $value . '" class="' . $class . '" size="' . $size . '" onchange="' . $onchange . '" />';

This unhtmlescaped vlaue results in a backend XSS vulnerability on searches, at very least.


Related issues 1 (0 open1 closed)

Related to CB GroupJive - Bug #2380: Missing htmlspecialchars in html outputClosedbeat08 March 2011

Actions
Actions

Also available in: Atom PDF