Fix h1 report 99004

Reflected XSS ------------- The HackerOne user @decidedlygray has reported that the affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack via the "charset" parameter. If the target system is running a Revive Adserver version older than 3.2.2, such a vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL. A CVE-ID has been requested, but not assigned yet. CWE: CWE-79 CVSSv2: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
revive-adserver · Mar 1, 2016 · a323fd6 · a323fd6
1 parent 3aaebcc
commit a323fd6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/plugins_repo/openXInvocationTags/plugins/invocationTags/oxInvocationTags/spc.class.php b/plugins_repo/openXInvocationTags/plugins/invocationTags/oxInvocationTags/spc.class.php
@@ -233,7 +233,7 @@ function selectElement() {
                         break;
                 case 'charset':
                         $optionName = $GLOBALS['strCharset'];
-                        $optionValue = empty($mi->$feature) ? $GLOBALS['strAutoDetect'] : $mi->$feature;
+                        $optionValue = empty($mi->$feature) ? $GLOBALS['strAutoDetect'] : htmlspecialchars($mi->$feature);
                         break;
                 default:
                         $optionName = $feature;