fix: [security] low probability reflected XSS fixed
- User would need to navigate to a url that contains the payload
- user needs to click on a checkbox in a weird single checkbox page to trigger the exploit

- as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army
iglocska committed Apr 17, 2022
1 parent 60c85b8 commit ce6bc88
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/Controller/OrganisationsController.php
Expand Up @@ -392,7 +392,7 @@ public function fetchSGOrgRow($id, $removable = false, $extend = false)
{
$this->layout = false;
$this->autoRender = false;
$this->set('id', $id);
$this->set('id', (int)$id);
$this->set('removable', $removable);
$this->set('extend', $extend);
$this->render('ajax/sg_org_row_empty');
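Review bot: `$removable` and `$extend`, set on the two lines right after the new cast, are still passed to the view exactly as received, even though they are parameters of the same action signature as `$id` and arrive the same way. If `ajax/sg_org_row_empty` outputs either of them without `h()`, the reflection this commit closes for `id` stays open for them. If they are meant as flags, as the `false` defaults suggest, consider `$this->set('removable', (bool)$removable);` and `$this->set('extend', (bool)$extend);`, with output escaping in the template as the second layer. Separately, `(int)$id` silently turns a non-numeric id into 0 instead of rejecting it; an explicit numeric check that throws would make a malformed request fail rather than render a row for id 0.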