Project

General

Profile

Actions

Bug #8037

closed

status_monitoring.php XSS

Added by Anonymous over 6 years ago. Updated over 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
10/31/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.2
Affected Architecture:

Description

If you click the edit icon > display advanced > add view and then enter <script>alert(1)</script> it looks like it doesn't sanitize any input and chrome gives you an XSS warning and then you press back and the alert pops up.
In status_monitoring.php I think all that is needed is to escape the post variable $title. There are 2 sections one is under if($_POST['add-view']) and if ($_POST['save-view']) Changing this `$title = $_POST['view-title'];` to this `$title = htmlspecialchars($_POST['view-title']);` seems to work. You may want to check the javascript version of create-slug(); and add-view.onclick() It is suppose to check for duplicates but if you escape the HTML characters in PHP it doesn't match up and will let you put duplicates if they contain HTML characters.

Actions

Also available in: Atom PDF