diff options
author | Harald Eilertsen <haraldei@anduin.net> | 2022-03-20 13:10:56 +0100 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2022-03-20 15:34:24 +0100 |
commit | d35609f33a3679043b8fa4dc3ad2570b425c06f5 (patch) | |
tree | f2b2e593b12c66b00e1958eaeff48a1f2000ece8 /Zotlabs/Render/TemplateEngine.php | |
parent | 8c19ab8f9f47a522ad2b929495f3b5821efd2f34 (diff) | |
download | volse-hubzilla-d35609f33a3679043b8fa4dc3ad2570b425c06f5.tar.gz volse-hubzilla-d35609f33a3679043b8fa4dc3ad2570b425c06f5.tar.bz2 volse-hubzilla-d35609f33a3679043b8fa4dc3ad2570b425c06f5.zip |
CVE-2022-27258: XSS via rpath query param.
Escape URLs provided by the rpath query param in settings modules. This
prevents a possible Cross-Site scripting vulnerability, where an
attacker could inject web scripts and html into the settings form via
the rpath query parameter, and have a user execute the script by
tricking them to clicking a link.
Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
Diffstat (limited to 'Zotlabs/Render/TemplateEngine.php')
0 files changed, 0 insertions, 0 deletions