tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-11794-stored-cross-site-scripting-via-dashboard-panel' into 'develop' 

Ent 11794 stored cross site scripting via dashboard panel

See merge request artica/pandorafms!6296
This commit is contained in:
Rafael Ameijeiras 2023-08-21 06:23:49 +00:00
parent 6538463596 f09ab409cc
commit a6e1e1cf61
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/include/javascript/pandora_dashboards.js
View File

@ -217,6 +217,8 @@ function initialiceLayout(data) {
success: function(widgetData) { success: function(widgetData) {
// Remove spinner. // Remove spinner.
removeSpinner(element); removeSpinner(element);
widgetData = widgetData.replace("<script", "&lt;script");
widgetData = widgetData.replace("</script", "&lt;/script");
$("#widget-" + id + " .content-widget").append(widgetData); $("#widget-" + id + " .content-widget").append(widgetData);
$("#button-add-widget-" + id).click(function() { $("#button-add-widget-" + id).click(function() {