From 6a192433cbe97bbf5bf93d819bafcc1d53f3b2e9 Mon Sep 17 00:00:00 2001
From: Jose Gonzalez
Date: Wed, 9 Sep 2020 11:27:08 +0200
Subject: [PATCH] Avoid XSS in Net Scan scripts
---
 pandora_console/include/class/ManageNetScanScripts.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pandora_console/include/class/ManageNetScanScripts.class.php b/pandora_console/include/class/ManageNetScanScripts.class.php
index cc63820049..e41e692146 100644
--- a/pandora_console/include/class/ManageNetScanScripts.class.php
+++ b/pandora_console/include/class/ManageNetScanScripts.class.php
@@ -180,7 +180,7 @@ class ManageNetScanScripts extends Wizard
 $result = [];
 $reconscript_name = get_parameter('form_name', '');
- $reconscript_description = get_parameter('form_description', '');
+ $reconscript_description = io_safe_input(strip_tags(io_safe_output((string) get_parameter('form_description'))));
 $reconscript_script = get_parameter('form_script', '');
 // Get macros.
@@ -260,7 +260,7 @@ class ManageNetScanScripts extends Wizard
 // If modified any parameter.
 $reconscript_name = get_parameter('form_name', '');
- $reconscript_description = get_parameter('form_description', '');
+ $reconscript_description = io_safe_input(strip_tags(io_safe_output((string) get_parameter('form_description'))));
 $reconscript_script = get_parameter('form_script', '');
 // Get macros.
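Review bot: Only `form_description` is sanitised; in both hunks (`@@ -180` and `@@ -260`) the neighbouring `form_name` and `form_script` values are still read with a plain `get_parameter(...)`. If the script name is printed by the same view that displayed the description, it presumably needs the same treatment, e.g. `$reconscript_name = io_safe_input(strip_tags(io_safe_output((string) get_parameter('form_name'))));`. `strip_tags()` at input time is also a weak primary control, and the code that renders these fields is not part of the patch, so it is worth confirming that it escapes on output rather than relying on what was stored. Since the same nested expression now appears twice, a small private helper would keep the create and update paths from drifting apart. Both enclosing methods start and end outside the hunks.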