




This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

XSS security issue
#3
Actually, I double checked this. The problem with using Input::get there is that it would strip out all your formatting and punctuation. You'll notice that the data is sanitized as it's displayed on the profile.php instead...
$usbio = html_entity_decode($thatUser->bio);

The XSS vulnerability should be taken care of by the token check done in the validation on line 41 unless you're seeing something I'm not.

I could definitely be missing something here. Let me know what you think.

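The display-time handling discussed in the post above, as an added example that is not part of the original thread and is not UserSpice code: it compares writing a stored bio to the page through `html_entity_decode()` with encoding it at output through `htmlspecialchars()`. The function names, the sample bio, and the assumption that the bio is entity-encoded before storage are constructed for illustration.

```php
<?php
// Added illustration (not UserSpice code). Function names are hypothetical.

// Assumption: the bio is entity-encoded before it is stored.
function store_bio(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Display path matching the line quoted in the post: decoding turns the
// stored entities back into literal markup before it reaches the page.
function render_decoded(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
}

// Display path that encodes at output: decode once to recover the original
// text, then encode for the HTML context it is written into.
function render_encoded(string $stored): string
{
    $text = html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample bio: ordinary punctuation plus an inert marker tag.
$bio = 'Hi, I\'m Sam & I like <b>PHP</b>! <script>/* marker */</script>';
$stored = store_bio($bio);

$decoded = render_decoded($stored);
$encoded = render_encoded($stored);

// A tag survives in the output only if a literal "<" reaches the browser.
$report = [
    'stored has literal <'  => str_contains($stored, '<'),
    'decoded has literal <' => str_contains($decoded, '<'),
    'encoded has literal <' => str_contains($encoded, '<'),
    'punctuation preserved' => html_entity_decode($encoded, ENT_QUOTES, 'UTF-8') === $bio,
];

foreach ($report as $check => $result) {
    printf("%-24s %s\n", $check, $result ? 'yes' : 'no');
}
// A request token (CSRF) check confirms where the form post came from;
// it does not inspect or change the bio text, so it is not modelled here.
```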


Messages In This Thread
XSS security issue - by Caspar Leo - 04-03-2017, 12:50 PM
XSS security issue - by mudmin - 04-03-2017, 03:10 PM
XSS security issue - by mudmin - 04-16-2017, 01:16 PM
