CVE-2023-5894: pkp/pkp-lib#9283 Correctly escape special characters in issue title (… · pkp/ojs@66927de
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.
@@ -58,7 +58,7 @@ public function getCellActions($request, $row, $column, $position = GridHandler:
'edit’,
new AjaxModal(
$router->url($request, null, null, 'editIssue’, null, [‘issueId’ => $issue->getId()]),
__('editor.issues.editIssue’, [‘issueIdentification’ => $issue->getIssueIdentification()]),
__('editor.issues.editIssue’, [‘issueIdentification’ => htmlspecialchars($issue->getIssueIdentification())]),
'modal_edit’,
true
),
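Review bot: on the added `__('editor.issues.editIssue', ...)` line, `htmlspecialchars()` is called without flags or an encoding argument, so what it escapes depends on the PHP version's defaults; before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped. Suggest passing them explicitly, e.g. `htmlspecialchars($issue->getIssueIdentification(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and adding a one-line comment that the translated string is output as HTML in the modal, so the reason for escaping at this call site is recorded. The hunk covers only the 'edit' action; it is worth confirming whether any other action in `getCellActions()` passes `getIssueIdentification()` into `__()` and needs the same escaping.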