Project

General

Profile

Actions

Bug #8302

closed

traffic_graphs.widget.php potential XSS via settings

Added by Jim Pingle about 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Dashboard
Target version:
Start date:
01/29/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

traffic_graphs.widget.php does not perform input validation on its settings, which can lead to a potential XSS due to the way the settings are used in JavaScript.

The widget needs input validation and to encode the setting output before use.

Actions

Also available in: Atom PDF