Changes to avoid injection

pandora_console/include/functions_io.php

@@ -90,6 +90,10 @@ function io_safe_input($value)
         $value = utf8_encode($value);
     }
 
+    if (preg_match('/<\/?script(.*?)>/', $value)) {
+        $value = preg_replace('/<\/?script(.*?)>/', '', $value);
+    }
+
     $valueHtmlEncode = htmlentities(($value ?? ''), ENT_QUOTES, 'UTF-8', true);
 
     // Replace the character '\' for the equivalent html entitie

pandora_server/lib/PandoraFMS/Tools.pm

@@ -647,6 +647,7 @@ sub safe_input($) {
 
 	return "" unless defined($value);
 
+    $value =~ s/<\/?script(.*?)>//gs;
 	$value =~ s/(.)/$CHR2ENT{$1}||$1/ge;
 	
 	return $value;

pandora_server/util/pandora_manage.pl

@@ -3429,6 +3429,8 @@ sub cli_agent_update() {
 	my @id_agents;
 	my $id_agent;
 
+	$new_value = safe_input($new_value);
+
 	if (defined $use_alias and $use_alias eq 'use_alias') {
 		@id_agents = get_agent_ids_from_alias($dbh,$agent_name);
 		foreach my $id (@id_agents) {