[OBS-3713] Potential for XSS in menu search - Observium

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: None
Affects Version/s: Professional Edition
Component/s: Web Interface
Labels:
- security
- web

Description

There is a potential for XSS if one decides to output the queryString returned by search input.
Fixed by using the get_vars() function

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

xssajaxsearch.diff
0.6 kB
2021/04/08 04:24 PM

Activity

[OBS-3713] Potential for XSS in menu search

Mike Stupalov added a comment - 2021/04/08 04:59 PM

Yah, sure.. added in r11220.

Mike Stupalov added a comment - 2021/04/08 04:59 PM Yah, sure.. added in r11220.

People

Assignee:: Mike Stupalov

Reporter:: Kent Johannessen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021/04/08 04:24 PM

Updated:: 2021/05/09 06:10 PM

Resolved:: 2021/04/08 04:59 PM