From cf7b123eb0cc46c052b94503234b31ef48ccfcf9 Mon Sep 17 00:00:00 2001
From: miguel angel rasteu <miguelangel.rasteu@pandorafms.com>
Date: Fri, 28 Jul 2023 12:36:10 +0200
Subject: [PATCH] #11795 Prevent XSS attack in site news page

---
 pandora_console/general/logon_ok.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pandora_console/general/logon_ok.php b/pandora_console/general/logon_ok.php
index cf5379bf91..6567347999 100644
--- a/pandora_console/general/logon_ok.php
+++ b/pandora_console/general/logon_ok.php
@@ -259,6 +259,8 @@ if (!empty($news)) {
 
             $output_news .= '</div></div>';
         } else {
+            $text = str_replace('<script', '&lt;script', $text);
+            $text = str_replace('</script', '&lt;/script', $text);
             $output_news .= nl2br($text);
         }