Skip to content
Permalink
Browse files Browse the repository at this point in the history
[Security]
* Fixed an issue where XSS was possible in the service desk image url inclusion.
  • Loading branch information
Jeroen Kooiman authored and secretdataz committed Feb 11, 2022
1 parent f49b554 commit 8a39b2b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion themes/default/servicedesk/view.php
Expand Up @@ -46,7 +46,7 @@
<?php if($trow->sslink!='0'): ?>
<tr>
<th>Screenshots</th>
<td colspan="3"><a href="<?php echo $trow->sslink ?>" target="_blank"><img src="<?php echo $trow->sslink ?>" width="100px" height="100"></a></td></tr>
<td colspan="3"><a href="<?php echo htmlspecialchars($trow->sslink) ?>" target="_blank"><img src="<?php echo htmlspecialchars($trow->sslink) ?>" width="100px" height="100"></a></td></tr>
</tr>
<?php endif ?>
<?php if($trow->videolink!='0'): ?>
Expand Down

0 comments on commit 8a39b2b

Please sign in to comment.