tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-11795-stored-cross-site-scripting-via-site-news-page' into 'develop' 

Ent 11795 stored cross site scripting via site news page

See merge request artica/pandorafms!6290
This commit is contained in:
Rafael Ameijeiras 2023-08-18 06:44:33 +00:00
parent e28c7db126 cf7b123eb0
commit 81f7591cb6
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/general/logon_ok.php
View File

@ -259,6 +259,8 @@ if (!empty($news)) {
$output_news .= '</div></div>'; $output_news .= '</div></div>';
} else { } else {
$text = str_replace('<script', '&lt;script', $text);
$text = str_replace('</script', '&lt;/script', $text);
$output_news .= nl2br($text); $output_news .= nl2br($text);
} }