MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [security] Stored XSS when forking a galaxy cluster 

As reported by Giuseppe Diego Gianni
pull/7602/head
mokaddem 2021-07-26 12:26:11 +02:00
parent a2f18fd4ea
commit 78edbbca64
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/View/GalaxyClusters/add.ctp
View File

@ -5,7 +5,7 @@
if (isset($forkedClusterMeta)) {
foreach ($forkedClusterMeta as $key => $value) {
if (is_array($value)) {
$forkedClusterHtmlPreview .= sprintf('<div><b>%s: </b><div data-toggle="json" class="large-left-margin">%s</div></div>', h($key), json_encode($value));
$forkedClusterHtmlPreview .= sprintf('<div><b>%s: </b><div data-toggle="json" class="large-left-margin">%s</div></div>', h($key), json_encode(h($value)));
} else {
$forkedClusterHtmlPreview .= sprintf('<div><b>%s: </b>%s</div>', h($key), h($value));
}