Merge branch 'ent-10160-stored-cross-site-scripting-vulnerability-in-visual-console-module' into 'develop'

Ent 10160 stored cross site scripting vulnerability in visual console module See merge request artica/pandorafms!5447
2023-01-26 12:55:15 +00:00 · 2023-01-26 12:55:15 +00:00 · 7c379062cf
parent 7bdfb1a096 7163b3d853
commit 7c379062cf
2 changed files with 2 additions and 2 deletions
--- a/pandora_console/godmode/reporting/visual_console_builder.php
+++ b/pandora_console/godmode/reporting/visual_console_builder.php
@ -177,7 +177,7 @@ switch ($activeTab) {
                $background_color = (string) get_parameter('background_color');
                $width = (int) get_parameter('width');
                $height = (int) get_parameter('height');
-                $visualConsoleName = (string) get_parameter('name');
+                $visualConsoleName = io_safe_input((string) get_parameter('name'));
                $is_favourite  = (int) get_parameter('is_favourite_sent');
                $auto_adjust  = (int) get_parameter('auto_adjust_sent');

--- a/pandora_console/include/rest-api/models/VisualConsole/Container.php
+++ b/pandora_console/include/rest-api/models/VisualConsole/Container.php
@ -357,7 +357,7 @@ final class Container extends Model
            $config['dbpass'].$row['id'].$config['id_user']
        );

-        return \io_safe_output($row);
+        return $row;
    }