From 9282aa2319969b30c349bb746fae1b33a92c62a7 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian
Date: Thu, 26 Jan 2023 16:20:25 +0100
Subject: [PATCH 1/2] #10219 fixed xss injection in syslog
---
 pandora_console/godmode/agentes/configurar_agente.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pandora_console/godmode/agentes/configurar_agente.php b/pandora_console/godmode/agentes/configurar_agente.php
index d0c796cc59..81277763c5 100644
--- a/pandora_console/godmode/agentes/configurar_agente.php
+++ b/pandora_console/godmode/agentes/configurar_agente.php
@@ -1994,7 +1994,7 @@ if ($create_module) {
 $agent = db_get_row('tagente', 'id_agente', $id_agente);
 db_pandora_audit(
 AUDIT_LOG_AGENT_MANAGEMENT,
- "Added module '".io_safe_output($name)."' for agent ".io_safe_output($agent['alias']),
+ "Added module '".$name."' for agent ".io_safe_output($agent['alias']),
 false,
 true,
 io_json_mb_encode($values)
From c2a16eb31183810bf66ed9a2191c982b08d9c9d3 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian
Date: Thu, 26 Jan 2023 16:34:35 +0100
Subject: [PATCH 2/2] #10219 added db_escape_string_sql for control quotes
---
 pandora_console/godmode/agentes/configurar_agente.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pandora_console/godmode/agentes/configurar_agente.php b/pandora_console/godmode/agentes/configurar_agente.php
index 81277763c5..e35f15ead9 100644
--- a/pandora_console/godmode/agentes/configurar_agente.php
+++ b/pandora_console/godmode/agentes/configurar_agente.php
@@ -1994,7 +1994,7 @@ if ($create_module) {
 $agent = db_get_row('tagente', 'id_agente', $id_agente);
 db_pandora_audit(
 AUDIT_LOG_AGENT_MANAGEMENT,
- "Added module '".$name."' for agent ".io_safe_output($agent['alias']),
+ "Added module '".db_escape_string_sql($name)."' for agent ".io_safe_output($agent['alias']),
 false,
 true,
 io_json_mb_encode($values)
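Review bot: The agent alias on the changed line is still passed through `io_safe_output()`, so the decode-before-store pattern that PATCH 1/2 removes for `$name` remains for `$agent['alias']`. If io_safe_output() reverses the entity encoding applied on input, as its removal for `$name` implies, an alias containing markup would still reach the audit log decoded. Consider `"Added module '".$name."' for agent ".$agent['alias'],` and leave any decoding or encoding to the page that renders the audit description. The same alias call is carried unchanged through the hunk in PATCH 2/2. The enclosing `if ($create_module)` block and the `db_pandora_audit(` call both extend outside the hunk.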
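Review bot: In PATCH 2/2, `db_escape_string_sql($name)` is applied at this one call site and to only one of the two interpolated values, which mixes SQL quoting into a log message. SQL quoting is not output encoding, so the XSS fix from PATCH 1/2 depends on `$name` still being entity-encoded at this point, which the hunk does not show. If a quote in the description can break the audit insert, the escaping or parameter binding belongs inside `db_pandora_audit()`, so that every caller is covered and no value is escaped twice. A comment such as `// $name stays entity-encoded from input; do not decode before logging` would record the intent. The `db_pandora_audit(` call closes outside the hunk.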