sec(RSS) XSS in RSS content. https://huntr.dev/bounties/67ab09e4-07cf…
joebordes committed Oct 17, 2021
1 parent 1b9c86b commit 695d69ab0575d7b5c8e3f8ff9c52158ec030afbf
Showing with 7 additions and 2 deletions.
  1. +7 −2 modules/Rss/Rss.php
@@ -60,8 +60,13 @@ public function getListViewRSSHtml() {
$rss_title= ltrim(rtrim($stringConvert));
$i = $i + 1;
$shtml .= "<tr class='prvPrfHoverOff' onmouseover=\"this.className='prvPrfHoverOn'\" onmouseout=\"this.className='prvPrfHoverOff'\">";
$shtml .= "<td><a href=\"javascript:display('".$item->get_permalink()."','feedlist_".$i."')\"; id='feedlist_".$i."' class=\"rssNews\">";
$shtml .= $rss_title."</a></td><td>".$this->rss_title."</td></tr>";
$cleanJS = vtlib_purify('<a href="'.$item->get_permalink().'"></a>');
if (strlen($cleanJS)>10) {
$cleanJS = substr(vtlib_purify($cleanJS), 9); // strip a href
$cleanJS = substr($cleanJS, 0, strlen($cleanJS)-6); // strip </a>
}
$shtml .= "<td><a href=\"javascript:display('".$cleanJS."','feedlist_".$i."')\"; id='feedlist_".$i."' class=\"rssNews\">";
$shtml .= $rss_title."</a></td><td>".vtlib_purify($this->rss_title)."</td></tr>";
if ($i == 10) {
return $shtml;
}
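Review bot: The new `$cleanJS` value is dropped into a JavaScript string literal inside an `href` attribute, but `vtlib_purify` is an HTML sanitizer, so the `substr` stripping of `<a href="` and `"></a>` only works if the purifier returns exactly that wrapper, and characters that are legal in a URL yet terminate a JS string (`'`, `)`, `;`) may well survive purification — this needs confirming against vtlib_purify, but escaping should match the context the value lands in rather than rely on a sanitizer's output shape. The second `vtlib_purify($cleanJS)` call is also redundant, the line already holds purified output. Separately, `$rss_title` is still concatenated raw into the cell text on the new side while only `$this->rss_title` gains `vtlib_purify`; if `$stringConvert` (computed above the hunk) comes from the feed item, that remains an injection point. `getListViewRSSHtml` begins before and continues after this hunk, so the loop/`$item` setup is not visible here.
```php
// … unchanged: $rss_title / $i computation and the <tr> opening …
$permalink = $item->get_permalink();
// JS string literal inside an HTML attribute: encode for the JS context first, then for the attribute.
$jsArg = htmlspecialchars(json_encode($permalink, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT), ENT_QUOTES, 'UTF-8');
$shtml .= "<td><a href=\"javascript:display(".$jsArg.",'feedlist_".$i."')\" id='feedlist_".$i."' class=\"rssNews\">";
$shtml .= htmlspecialchars($rss_title, ENT_QUOTES, 'UTF-8')."</a></td><td>".vtlib_purify($this->rss_title)."</td></tr>";
// … unchanged: the $i == 10 early return …
```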
