Project

General

Profile

Actions
Copy link

Bug #2385

closed

not htmlescaped inputs

Added by beat over 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
beat
Target version:
2.0
Start date:
08 March 2011
Due date:
% Done:

100%

Estimated time:

Description

cbgroupjive.class.php line 2424:

        return '<input type="text" id="' . $id . '" name="' . $id . '" value="' . $value . '" class="' . $class . '" size="' . $size . '" onchange="' . $onchange . '" />';

This unhtmlescaped vlaue results in a backend XSS vulnerability on searches, at very least.

Related issues 1 (0 open1 closed)

Related to CB GroupJive - Bug #2380: Missing htmlspecialchars in html outputClosedbeat08 March 2011

Actions
#2

Updated by krileon over 14 years ago

  • Status changed from New to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 0 to 100
#3

Updated by krileon about 14 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF