mirror of https://github.com/MISP/MISP
fix: [security] stored XSS in the correlation top list
- if an attribute with an XSS payload as its value ends up being in the top list of correlations, then an administrator viewing the top correlations would execute the XSS
- as reported by Grzegorz Misiun

pull/9176/merge
parent 4c75abbb70
commit 597977694d
|
@ -57,5 +57,5 @@
|
|||
'%s<a href="#" onclick="event.preventDefault(); %s">%s</a>',
|
||||
$form,
|
||||
$onclick,
|
||||
$text
|
||||
h($text)
|
||||
);
|
||||
|
|
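Review bot: `$onclick` is still written unescaped into the `onclick="event.preventDefault(); %s"` attribute, and `$form` is written raw ahead of the `<a>`, so in this hunk only the link text is covered by `h($text)`. The callers are not visible here; if either value can carry anything derived from an attribute value, it needs encoding where it is built, matched to its context. For `$onclick` that means JavaScript-string encoding as well as HTML-attribute encoding, since `h()` alone does not make a string safe inside inline script. Please confirm that both arguments are assembled only from trusted or already-encoded parts, and consider a regression test that renders a correlation top-list entry whose value contains markup and asserts that the output is entity-encoded.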