Bug #8037
Closed
status_monitoring.php XSS
Description
If you click the edit icon > display advanced > add view and then enter `<script>alert(1)</script>`, it looks like it doesn't sanitize any input, and Chrome gives you an XSS warning, and then you press back and the alert pops up.
In status_monitoring.php I think all that is needed is to escape the post variable `$title`. There are 2 sections: one is under `if($_POST['add-view'])` and the other under `if ($_POST['save-view'])`. Changing this `$title = $_POST['view-title'];` to this `$title = htmlspecialchars($_POST['view-title']);` seems to work. You may want to check the JavaScript version of `create-slug();` and `add-view.onclick()`. It is supposed to check for duplicates, but if you escape the HTML characters in PHP it doesn't match up and will let you put duplicates if they contain HTML characters.
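The duplicate-check mismatch described in the report, as an added example that is not part of the original report and is not pfSense code. It contrasts escaping the title when it is received with storing it raw and encoding it only when it is written into HTML. The function names (`normalize_title`, `is_duplicate`, `render_title`) are hypothetical.

```php
<?php
// Added example, not pfSense code: function names and stored data are constructed.

// Canonical form used for every comparison: the raw title, trimmed.
function normalize_title(string $raw): string
{
    return trim($raw);
}

// Duplicate check on raw values, so the server compares the same
// string that a client-side check sees in the form field.
function is_duplicate(string $raw, array $stored_raw): bool
{
    return in_array(normalize_title($raw), $stored_raw, true);
}

// Encode only at the point where the title is written into HTML.
function render_title(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$submitted = '<script>alert(1)</script>'; // the title used in the report

// Escape on input: the stored string is the encoded form, which no longer
// equals what the user typed, so a raw-text comparison cannot match it.
$stored_escaped = [htmlspecialchars($submitted)];
$dup_escaped_on_input = is_duplicate($submitted, $stored_escaped);

// Escape on output: store raw, compare raw, encode when rendering.
$stored_raw = [normalize_title($submitted)];
$dup_stored_raw = is_duplicate($submitted, $stored_raw);

printf("escaped on input, duplicate detected: %s\n",
    var_export($dup_escaped_on_input, true));
printf("stored raw, duplicate detected:       %s\n",
    var_export($dup_stored_raw, true));
printf("rendered title: %s\n", render_title($stored_raw[0]));
```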
Updated by Jim Pingle about 7 years ago
- Status changed from New to Duplicate
Looking back at #7876, it seems like the same base issue, but there were two more potential vectors that needed repair; I put everything under the old ticket. Fixes are pushed everywhere now.