Merge pull request #485 from yogeshojha/fix/xss_in_schedule
Fixed XSS Reported on Huntr by @nerrorsec
yogeshojha committed Aug 29, 2021
2 parents 7fee495 + 5495de0 commit f21e83207b5e82124788d34d9faab9cacdb558fd
Showing with 4 additions and 4 deletions.
  1. +1 −1 web/startScan/templates/startScan/schedule_scan_list.html
  2. +3 −3 web/static/custom/custom.js
@@ -81,7 +81,7 @@ <h4>Scheduled Scans</h4>
</label>
</td>
<td class="text-center">
<a onclick="deleteScheduledScan({{ task.id }}, '{% with task_name=task.name|split:":" %}{{ task_name.0 }}{% endwith %}')" class="bs-tooltip btnDelTask" href="#" data-toggle="tooltip" data-placement="top" title="" data-original-title="Delete Scheduled Task">
<a onclick="deleteScheduledScan({{ task.id }})" class="bs-tooltip btnDelTask" href="#" data-toggle="tooltip" data-placement="top" title="" data-original-title="Delete Scheduled Task">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather table-delete feather-x-circle">
<circle cx="12" cy="12" r="10"></circle>
<line x1="15" y1="9" x2="9" y2="15"></line>
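Review bot: The new `<a onclick="deleteScheduledScan({{ task.id }})" ...>` line still wires the delete action through an inline event handler, so this page cannot run under a Content-Security-Policy without `'unsafe-inline'`, which is the backstop for this class of bug. The earlier form that passed the task name shows why that matters: Django's default autoescaping HTML-encodes quotes, but the browser decodes attribute entities before the handler text is parsed as JavaScript, so HTML escaping does not protect a quoted JS argument inside `onclick`. I would carry the id as `data-task-id="{{ task.id }}"` and bind the click on `.btnDelTask` from custom.js. Other templates that pass model fields as quoted arguments to inline handlers, if there are any, deserve the same check.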
@@ -36,12 +36,12 @@ function jsEscape(str){

}

function deleteScheduledScan(id, task_name)
function deleteScheduledScan(id)
{
const delAPI = "../delete/scheduled_task/"+id;
swal.queue([{
title: 'Are you sure you want to delete ' + task_name + '?',
text: "You won't be able to revert this!",
title: 'Are you sure you want to delete this?',
text: "This action is irreversible.",
type: 'warning',
showCancelButton: true,
confirmButtonText: 'Delete',
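Review bot: Nothing at `title: 'Are you sure you want to delete this?'` records why the task name was taken out of the dialog, so a later change could easily concatenate it back in. The `swal.queue` call looks like SweetAlert2, whose `title` option is inserted as HTML, so any user-controlled string placed there is a markup sink; I would add a comment such as `// title is rendered as HTML: never concatenate user-controlled values here`. If the name is wanted again so the user can see what is being deleted, pass it through SweetAlert2's `titleText` option, which is rendered as plain text, rather than through `title`. Separately, `"../delete/scheduled_task/"+id` builds the request path from the argument unchecked; `encodeURIComponent(id)` would keep it a single path segment. The body of deleteScheduledScan continues past the end of the hunk.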
