aboutsummaryrefslogtreecommitdiffstats
path: root/util/addons
diff options
context:
space:
mode:
authorHarald Eilertsen <haraldei@anduin.net>2022-03-20 13:10:56 +0100
committerHarald Eilertsen <haraldei@anduin.net>2022-03-20 15:34:24 +0100
commitd35609f33a3679043b8fa4dc3ad2570b425c06f5 (patch)
treef2b2e593b12c66b00e1958eaeff48a1f2000ece8 /util/addons
parent8c19ab8f9f47a522ad2b929495f3b5821efd2f34 (diff)
downloadvolse-hubzilla-d35609f33a3679043b8fa4dc3ad2570b425c06f5.tar.gz
volse-hubzilla-d35609f33a3679043b8fa4dc3ad2570b425c06f5.tar.bz2
volse-hubzilla-d35609f33a3679043b8fa4dc3ad2570b425c06f5.zip
CVE-2022-27258: XSS via rpath query param.
Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them to clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
Diffstat (limited to 'util/addons')
0 files changed, 0 insertions, 0 deletions