Hansmach1ne security fixes #583

This commit fixes three XSS vulnerabilities. 1) 'indexFile' parameter /ajax.php?f=getPipelineJobOrder&joborderID=1&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=15)"></a><script>alert`xss`</script>&isPopup=0 2) 'entriesPerPage' parameter /ajax.php?f=getPipelineJobOrder&joborderID=2&page=0&entriesPerPage=15)"></a> <script>alert`xss`</script>&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 3)'joborderID' parameter /ajax.php?f=getPipelineJobOrder&joborderID=1)"></a> <script>alert`xss`</script>&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0

This commit will fix two XSS vulnerabilities in toolbar module functionality. 1) GET parameter 'callback'. /index.php?m=toolbar&callback=<script>alert`xss`</script>&a=authenticate 2) GET parameter 'email' /index.php?m=toolbar&callback=<script>alert`xss`</script>&a=checkEmailIsInSystem&email=<script>alert(document.domain)</script>

Commits on Sep 25, 2022

Update CareersUI.php

hansmach1ne committed Sep 25, 2022

Configuration menu

View commit details

Copy full SHA for 2e70547

Browse repository at this point

Copy the full SHA

2e70547 View commit details

Browse the repository at this point in the history

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hansmach1ne security fixes #583

Hansmach1ne security fixes #583

Commits on Sep 25, 2022

Commits on Oct 2, 2022

Commits on Oct 3, 2022