From e833c318a5a91d6d709a5b266c1245261b4c0e70 Mon Sep 17 00:00:00 2001
From: Jose Gonzalez <jose.gonzalez@artica.es>
Date: Wed, 9 Sep 2020 12:35:28 +0200
Subject: [PATCH] Avoid XSS in Module templates

---
 pandora_console/include/class/ModuleTemplates.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pandora_console/include/class/ModuleTemplates.class.php b/pandora_console/include/class/ModuleTemplates.class.php
index 585a40aa13..434a3555c6 100644
--- a/pandora_console/include/class/ModuleTemplates.class.php
+++ b/pandora_console/include/class/ModuleTemplates.class.php
@@ -303,8 +303,8 @@ class ModuleTemplates extends HTML
         if (!empty($this->action)) {
             // Success variable.
             $success     = false;
-            $this->name             = get_parameter('name', '');
-            $this->description      = get_parameter('description', '');
+            $this->name             = io_safe_input(strip_tags(io_safe_output((string) get_parameter('name'))));
+            $this->description      = io_safe_input(strip_tags(io_safe_output((string) get_parameter('description'))));
             $this->pen              = get_parameter('pen', '');
 
             switch ($this->action) {