Avoid XSS in Net Scan scripts

2025-07-23 22:05:41 +02:00 · 2020-09-09 11:27:08 +02:00 · 2020-09-09 11:27:08 +02:00 · 6a192433cb
commit 6a192433cb
parent cbed2ef758
1 changed files with 2 additions and 2 deletions
--- a/pandora_console/include/class/ManageNetScanScripts.class.php
+++ b/pandora_console/include/class/ManageNetScanScripts.class.php
@ -180,7 +180,7 @@ class ManageNetScanScripts extends Wizard
        $result = [];

        $reconscript_name = get_parameter('form_name', '');
-        $reconscript_description = get_parameter('form_description', '');
+        $reconscript_description = io_safe_input(strip_tags(io_safe_output((string) get_parameter('form_description'))));
        $reconscript_script = get_parameter('form_script', '');

        // Get macros.
@ -260,7 +260,7 @@ class ManageNetScanScripts extends Wizard

        // If modified any parameter.
        $reconscript_name = get_parameter('form_name', '');
-        $reconscript_description = get_parameter('form_description', '');
+        $reconscript_description = io_safe_input(strip_tags(io_safe_output((string) get_parameter('form_description'))));
        $reconscript_script = get_parameter('form_script', '');

        // Get macros.