URL parameter 'source' is passed into JS without sufficient validation

Open Ysincit opened this issue 4 years ago • 2 comments

Hi, I have checked that no CVE exists for that, up to now, but you may like to create one.

In share/pnp/application/controllers/system.php the parameter 'source' is read this way:

    $this->source = pnp::clean($this->input->get('source',NULL));

pnp::clean does a htmlspecialchars(), but will do nothing with ;} and so on. Because of that, the direct output of the variable 'source' into a JavaScript in pnp4nagios/share/application/views/zoom.php:

    var source = <?php echo $this->source?>;

is a problem, e.g. test it with

    ...&source=null;%7d%7d);alert('X.S.S');x=(y=function()%7bz=function()%7b

Regards!

Ysincit, Apr 21 '20 06:04
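As an added example (not code from pnp4nagios or from the fix commit), the PHP below contrasts HTML encoding with two output strategies suited to a JavaScript context, using the value from the report as sample input. The helper names are hypothetical, `clean_html()` only stands in for `pnp::clean()` as the report describes it, and treating `source` as a small integer index is an assumption.

```php
<?php
// Added example, not pnp4nagios code. All function names are hypothetical.

// Stand-in for pnp::clean() as described in the report: HTML entity encoding.
// Even with ENT_QUOTES, characters such as ; } ( ) pass through unchanged,
// because they have no special meaning in HTML.
function clean_html(?string $v): string
{
    return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
}

// Strategy 1: allow-list validation. Assumes 'source' is a small
// non-negative integer index; anything else becomes the JS literal null.
function js_source_index(?string $raw): string
{
    if ($raw === null || !preg_match('/^\d{1,4}$/D', $raw)) {
        return 'null';
    }
    return (string) (int) $raw;
}

// Strategy 2: context-aware encoding. json_encode() emits exactly one JS
// literal; the JSON_HEX_* flags also escape < > & ' " so the literal cannot
// close the surrounding <script> element or an HTML attribute.
function js_literal($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_THROW_ON_ERROR // PHP 7.3+
    );
}

// Sample inputs: a plain index, and the reported value after URL decoding.
$reported = "null;}});alert('X.S.S');x=(y=function(){z=function(){";

foreach (['2', $reported] as $raw) {
    echo "input:      ", $raw, "\n";
    echo "html-only:  var source = ", clean_html($raw), ";\n";
    echo "validated:  var source = ", js_source_index($raw), ";\n";
    echo "js literal: var source = ", js_literal($raw), ";\n\n";
}
```

For the reported value, the `html-only` line still contains the statement and block terminators, while the `validated` line is `var source = null;` and the `js literal` line is a single quoted string.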

I will have a look! Thanks

lingej, Apr 21 '20 15:04

Fixed with commit 685ff48

lingej, Apr 21 '20 16:04