Fix to a reflected XSS in the event choice

pull/639/head
Iglocska 2015-09-02 09:57:59 +02:00
parent ffef691aa6
commit 77adf624d9
2 changed files with 4 additions and 4 deletions

@ -4,10 +4,10 @@
<table style="width:100%;">
<?php foreach ($exports as $k => $export): ?>
<tr style="border-bottom:1px solid black;" class="templateChoiceButton">
<td style="padding-left:10px; text-align:left;width:50%;" onClick="exportChoiceSelect('<?php echo $export['url']; ?>', '<?php echo $k; ?>', '<?php echo $export['checkbox']; ?>')"><?php echo $export['text']; ?></td>
<td style="padding-left:10px; text-align:left;width:50%;" onClick="exportChoiceSelect('<?php echo h($export['url']); ?>', '<?php echo h($k); ?>', '<?php echo h($export['checkbox']); ?>')"><?php echo h($export['text']); ?></td>
<td style="padding-right:10px; width:50%;text-align:right;">
<?php if ($export['checkbox']):
echo $export['checkbox_text'];
echo h($export['checkbox_text']);
?>
<input id = "<?php echo $k . '_toggle';?>" type="checkbox" style="align;vertical-align:top;margin-top:8px;">
<span id ="<?php echo $k?>_set" style="display:none;"><?php echo h($export['checkbox_set']); ?></span>
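Review bot: In the onClick attribute, h() is the wrong encoder for the three values placed inside the single-quoted arguments of exportChoiceSelect(...). h() HTML-encodes, and the browser decodes entities in an attribute value before it runs the handler, so an encoded quote in $export['url'], $k or $export['checkbox'] still closes the JavaScript string. Encode for the JavaScript string first and then for the attribute, for example h(json_encode($export['url'])) with the surrounding single quotes dropped, or move the values into data- attributes and read them from a bound handler. The two id attributes at the end of the hunk also still echo $k unescaped (`echo $k . '_toggle'` and `echo $k?>_set`) while the same $k is now escaped in the onClick line; wrap those in h() as well.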

@ -359,10 +359,10 @@ The event ID is optional. MISP will accept either a JSON or an XML object posted
<h3>Add or remove tags from events</h3>
<p>You can add or remove an existing tag from an event in the following way:</p>
<pre>
<?php echo Configure::read('MISP.baseurl').'/attributes/addTag'; ?>
<?php echo Configure::read('MISP.baseurl').'/events/addTag'; ?>
</pre>
<pre>
<?php echo Configure::read('MISP.baseurl').'/attributes/removeTag'; ?>
<?php echo Configure::read('MISP.baseurl').'/events/removeTag'; ?>
</pre>
<p>Just POST a json object in the following format (to the appropriate API depending on whether you want to add or delete a tag from an event):</p>
<code>{"request": {"Event": {"id": "228", "tag": "8"}}}</code><br /><br />
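Review bot: The switch from /attributes/addTag and /attributes/removeTag to /events/addTag and /events/removeTag in the two <pre> blocks is a documentation correction unrelated to the XSS fix named in the commit title. Put it in its own commit, or mention it in the commit message, so the security fix can be reviewed and backported on its own.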