CVE-2020-36654: Fix XSS Vul for $invocation_user · GENI-NSF/geni-portal@39a96fb
A vulnerability classified as problematic has been found in GENI Portal. It affects the function no_invocation_id_error in the file portal/www/portal/sliceresource.php. Manipulation of the argument invocation_id/invocation_user leads to cross-site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply the patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.
Fix XSS Vul for $invocation_user
Since the invocation id and invocation user cannot be anything but an alphanumeric string, we will use that check as our fix. This will avoid the usage of any JS code as values since it would need special chars like “<>”.
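The allow-list check the commit message describes, as an added PHP example that is not the project's own code. The helper names and the way the parameters are passed in are assumptions, and the HTML encoding at output is an extra layer the commit message does not mention.

```php
<?php
// Added example: hypothetical helpers, not code from geni-portal.

/** Allow-list check: accept only a non-empty alphanumeric string. */
function is_valid_invocation_value($value): bool
{
    // is_string() rejects arrays (e.g. from id[]=x) and missing values;
    // ctype_alnum() returns false for "" and, in the default C locale,
    // for any byte outside [A-Za-z0-9].
    return is_string($value) && ctype_alnum($value);
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the fragment that shows both values; reject instead of reflecting. */
function render_invocation(array $params): string
{
    foreach (['invocation_id', 'invocation_user'] as $key) {
        if (!is_valid_invocation_value($params[$key] ?? null)) {
            // The rejected value is never echoed back into the error page.
            return '<p>Invalid or missing ' . html_escape($key) . '.</p>';
        }
    }
    // Values are already alphanumeric; encoding at the sink is defence in depth.
    return '<p>Invocation ' . html_escape($params['invocation_id'])
         . ' for user ' . html_escape($params['invocation_user']) . '</p>';
}

// Constructed sample inputs (not taken from the project or from real traffic).
$samples = [
    ['invocation_id' => 'abc123', 'invocation_user' => 'jdoe42'],      // accepted
    ['invocation_id' => 'abc123', 'invocation_user' => '<b>jdoe</b>'], // markup chars
    ['invocation_id' => ['abc123'], 'invocation_user' => 'jdoe42'],    // array value
    ['invocation_user' => 'jdoe42'],                                   // id missing
];
foreach ($samples as $sample) {
    echo render_invocation($sample), PHP_EOL;
}
```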