Admin: Escape ticket excerpt on Tickets screen to avoid XSS.
An attacker could submit the following payload via `[supportflow_submissionform]` to perform cross-site-scripting:

`<script>alert('XSS');</script>`

That attack has a CVSS score of 6.1 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Props https://hackerone.com/whitehatter for discovering and disclosing responsibly.

Fixes https://hackerone.com/reports/145091
iandunn committed Jun 20, 2016
1 parent c08d376 commit c507cc8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion classes/class-supportflow-admin.php
Expand Up @@ -1185,7 +1185,7 @@ function action_manage_posts_custom_column( $column_name, $ticket_id ) {
if ( strlen( $first_reply ) > 50 ) {
$first_reply = substr( $first_reply, 0, 50 );
}
echo $first_reply;
echo esc_html( $first_reply );
break;
case 'customers':
$customers = SupportFlow()->get_ticket_customers( $ticket_id, array( 'fields' => 'emails' ) );
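Review bot: The `esc_html()` call on the `echo` line is the right output-escaping fix, but the byte-based `substr( $first_reply, 0, 50 )` just above it can cut a multibyte UTF-8 character in half, and `esc_html()` validates UTF-8 before escaping, so a truncated character would make the excerpt render as an empty string instead of a 50-character preview. Consider a character-aware truncation such as `$first_reply = wp_html_excerpt( $first_reply, 50 );` (or `mb_substr()`) in place of the `strlen`/`substr` pair, keeping `esc_html()` on the `echo`.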
