Fixed issue #19037: [security] Reflected XSS in LimeSurvey via userid…

… parameter (#3406) Co-authored-by: lapiudevgit <devgit@lapiu.biz>
LimeSurvey · Sep 14, 2023 · ef00d48 · ef00d48
1 parent dd7f575
commit ef00d48
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/application/controllers/UserManagementController.php b/application/controllers/UserManagementController.php
@@ -435,6 +435,7 @@ public function actionDeleteConfirm()
             );
         }
         $userId = Yii::app()->request->getParam('userid');
+        $userId = sanitize_int($userId);
         $aData['userId'] = $userId;
         return $this->renderPartial('partial/confirmuserdelete', $aData);
     }