tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-10160-stored-cross-site-scripting-vulnerability-in-visual-console-module' into 'develop'

Browse Source 
Ent 10160 stored cross site scripting vulnerability in visual console module

See merge request artica/pandorafms!5447
This commit is contained in:
Rafael Ameijeiras 2023-01-26 12:55:15 +00:00
commit 7c379062cf
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/godmode/reporting/visual_console_builder.php
View File

@ -177,7 +177,7 @@ switch ($activeTab) {
$background_color = (string) get_parameter('background_color'); $background_color = (string) get_parameter('background_color');
$width = (int) get_parameter('width'); $width = (int) get_parameter('width');
$height = (int) get_parameter('height'); $height = (int) get_parameter('height');
$visualConsoleName = (string) get_parameter('name'); $visualConsoleName = io_safe_input((string) get_parameter('name'));
$is_favourite = (int) get_parameter('is_favourite_sent'); $is_favourite = (int) get_parameter('is_favourite_sent');
$auto_adjust = (int) get_parameter('auto_adjust_sent'); $auto_adjust = (int) get_parameter('auto_adjust_sent');

2
pandora_console/include/rest-api/models/VisualConsole/Container.php
View File

@ -357,7 +357,7 @@ final class Container extends Model
$config['dbpass'].$row['id'].$config['id_user'] $config['dbpass'].$row['id'].$config['id_user']
); );
return \io_safe_output($row); return $row;
} }