fix: [security] stored XSS in the user add/edit forms
- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user

- as reported by Ianis BERNARD - NATO Cyber Security Centre
iglocska committed Mar 17, 2022
1 parent dc63cb7 commit 61d4d36
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion app/View/Users/admin_add.ctp
Expand Up @@ -13,7 +13,7 @@
$password = false;
} else {
$userType = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => $userType . ' user'));
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => h($userType) . ' user'));
}
echo sprintf(
'<div class="clear"></div><div %s>%s</div>',
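Review bot: escaping at the use site rather than at the assignment only protects this one label; any other reference to `$userType` further down the view (or one added later) would render the raw `Plugin.CustomAuth_name` value again. Consider sanitising once where the value is read, e.g. `$userType = h(Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication');`, and leave the `label` option as `$userType . ' user'`. The `h()` wrapper is needed because the CakePHP 2 FormHelper inserts the `label` text into the `<label>` tag without escaping it, which is what let the stored payload execute.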
2 changes: 1 addition & 1 deletion app/View/Users/admin_edit.ctp
Expand Up @@ -16,7 +16,7 @@
$password = false;
} else {
$userType = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => $userType . ' user'));
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => h($userType) . ' user'));
}
echo sprintf(
'<div class="clear"></div><div %s>%s</div>',
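Review bot: the external-auth checkbox block in admin_edit.ctp is a verbatim copy of the one in admin_add.ctp, so the same one-token fix had to be applied twice. Move the shared `$userType` lookup and `$this->Form->input('external_auth_required', ...)` call into a single view element (`$this->element(...)`) so that a future change to this label cannot be fixed in one form and missed in the other. A quick regression check for both forms: set `Plugin.CustomAuth_name` to a value containing `<` and confirm the checkbox label renders it as literal text.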
