Skip to content

Commit

Permalink
NMS-14854: fix XSS vulnerability in status/index.jsp
Browse files Browse the repository at this point in the history
  • Loading branch information
Jeff Gehlbach committed Feb 2, 2023
1 parent 5205d84 commit 9a366e6
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions opennms-webapp/src/main/webapp/status/index.jsp
View file
Expand Up @@ -2,8 +2,8 @@
/*******************************************************************************
* This file is part of OpenNMS(R).
*
* Copyright (C) 2017 The OpenNMS Group, Inc.
* OpenNMS(R) is Copyright (C) 1999-2017 The OpenNMS Group, Inc.
* Copyright (C) 2017-2023 The OpenNMS Group, Inc.
* OpenNMS(R) is Copyright (C) 1999-2023 The OpenNMS Group, Inc.
*
* OpenNMS(R) is a registered trademark of The OpenNMS Group, Inc.
*
Expand All @@ -28,9 +28,10 @@
*******************************************************************************/
--%>
<%@ page import="org.owasp.encoder.Encode" %>
<%
String title = org.opennms.web.api.Util.getParameter(request, "title", "Undefined");
String type = org.opennms.web.api.Util.getParameter(request, "type");
String title = Encode.forHtml(org.opennms.web.api.Util.getParameter(request, "title", "Undefined"));
String type = Encode.forHtml(org.opennms.web.api.Util.getParameter(request, "type"));
%>

<jsp:include page="/includes/bootstrap.jsp" flush="false">
Expand Down

0 comments on commit 9a366e6

Please sign in to comment.