xss in spikekill.php via para method #907

Closed
@kevinoclam

It's not a high-level vuln, maybe medium or low.
Line 37:
echo __("FATAL: Spike Kill method '%s' is Invalid\n", get_nfilter_request_var('method'));
should be changed to
echo __("FATAL: Spike Kill method '%s' is Invalid\n", htmlspecialchars(get_nfilter_request_var('method')));
I should have found this at issue 877; I'm sorry for the delay.

chen ruiqi
codesafe team of qihoo 360
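
The change proposed in this issue, as an added example that is not part of the original post or of Cacti's code: the unescaped message beside the encoded one, run over constructed inputs. `request_var_raw()` is a hypothetical stand-in for `get_nfilter_request_var()`, and `sprintf()` stands in for the `__()` wrapper.

```php
<?php
// Added example; not Cacti code. request_var_raw() is a hypothetical stand-in
// for get_nfilter_request_var(), and sprintf() stands in for the __() wrapper.

function request_var_raw(array $request, string $name): string
{
    // Returns the value exactly as the client sent it (no filtering).
    return isset($request[$name]) && is_string($request[$name]) ? $request[$name] : '';
}

// Before: the raw parameter is interpolated into the HTML response.
function fatal_message_unescaped(array $request): string
{
    return sprintf("FATAL: Spike Kill method '%s' is Invalid\n", request_var_raw($request, 'method'));
}

// After: encode for HTML output. ENT_QUOTES and the charset are passed explicitly
// so the result does not depend on the PHP version's default flags.
function fatal_message_escaped(array $request): string
{
    $method = htmlspecialchars(request_var_raw($request, 'method'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf("FATAL: Spike Kill method '%s' is Invalid\n", $method);
}

// Constructed sample inputs: an ordinary value and values carrying markup characters.
$samples = ['stddev', '<b>bold</b>', "O'Brien", 'a&b"c'];

$prefix = "FATAL: Spike Kill method '";
$suffix = "' is Invalid\n";

foreach ($samples as $value) {
    $request = ['method' => $value];
    $before  = fatal_message_unescaped($request);
    $after   = fatal_message_escaped($request);

    // Isolate the encoded parameter and confirm that no raw markup
    // character (<, >, ", ') from the input survives in it.
    $fragment = substr($after, strlen($prefix), -strlen($suffix));
    $clean    = strpbrk($fragment, "<>\"'") === false;

    printf("input:  %s\nbefore: %safter:  %sencoded cleanly: %s\n\n",
        $value, $before, $after, $clean ? 'yes' : 'NO');
}
```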
