Skip to content

Commit 0bff06e

Browse files
mantisdregad
authored andcommitted
Fix #17583: XSS in projax_api.php
Offensive Security reported this issue via their bug bounty program [1]. The Projax library does not properly escape html strings. An attacker could take advantage of this to perform an XSS attack using the profile/Platform field. [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org>
1 parent 511564c commit 0bff06e

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: core/projax_api.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ function projax_array_serialize_for_autocomplete( $p_array ) {
7070
$t_matches = '<ul>';
7171

7272
foreach( $p_array as $t_entry ) {
73-
$t_matches .= "<li>$t_entry</li>";
73+
$t_matches .= '<li>' . string_attribute( $t_entry ) . '</li>';
7474
}
7575

7676
$t_matches .= '</ul>';

0 commit comments

Comments
 (0)