MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [security] Stored XSS when viewing galaxy cluster elements in JSON format

pull/7613/head
mokaddem 2021-07-29 13:44:11 +02:00
parent b9619549af
commit f318f7c0dd
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/View/GalaxyElements/ajax/index.ctp
View File

@ -83,7 +83,7 @@ if ($context == 'JSONView') {
echo $this->element('/genericElements/IndexTable/index_table', $indexOptions);
if ($context == 'JSONView') {
echo sprintf('<div id="elementJSONDiv" class="well well-small">%s</div>', json_encode($JSONElements));
echo sprintf('<div id="elementJSONDiv" class="well well-small">%s</div>', json_encode(h($JSONElements)));
}
?>