Project

General

Profile

Actions

Bug #7876

closed

Potential XSS in status_monitoring.php

Added by Jim Pingle about 7 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
Status_Monitoring
Target version:
Start date:
09/19/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
All
Affected Plus Version:
Affected Architecture:
All

Description

The "view" variable in status_monitoring.php is taken from $_GET and used in a hidden input ("view-title") without encoding, thus user-supplied input from GET is being put directly in the resulting HTML, resulting in an XSS vector.

Actions

Also available in: Atom PDF