fix: [security] XSS in galaxy clusters

- fixed a stored XSS in the galaxy clusters - as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army
MISP · Apr 17, 2022 · 107e271 · 107e271
1 parent 68a59df
commit 107e271
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/View/GalaxyClusters/view.ctp b/app/View/GalaxyClusters/view.ctp
@@ -56,7 +56,7 @@ $table_data[] = array('key' => __('Collection UUID'), 'value' => $cluster['Galax
 $table_data[] = array(
     'key' => __('Source'),
     'html' => filter_var($cluster['GalaxyCluster']['source'], FILTER_VALIDATE_URL) ?
-        '<a href="' . $cluster['GalaxyCluster']['source'] . '" rel="noreferrer noopener">' . h($cluster['GalaxyCluster']['source']) :
+        '<a href="' . h($cluster['GalaxyCluster']['source']) . '" rel="noreferrer noopener">' . h($cluster['GalaxyCluster']['source']) :
         h($cluster['GalaxyCluster']['source']),
 );
 $table_data[] = array('key' => __('Authors'), 'value' => !empty($cluster['GalaxyCluster']['authors']) ? implode(', ', $cluster['GalaxyCluster']['authors']) : __('N/A'));