Headline
CVE-2022-0589: XSS fixes (#13780) · librenms/librenms@4c9d4ee
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
1 parent 41ddce6 commit 4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa
Showing with 5 additions and 5 deletions.
- +1 −1 includes/html/forms/add-dashboard.inc.php
- +3 −3 includes/html/forms/customoid.inc.php
- +1 −1 includes/html/forms/transport-groups.inc.php
@@ -34,7 +34,7 @@
$status = 'error’;
$message = 'unknown error’;
$dashboard_name = trim($_REQUEST[‘dashboard_name’]);
$dashboard_name = trim(strip_tags($_REQUEST[‘dashboard_name’]));
if (! empty($dashboard_name) && ($dash_id = dbInsert([‘dashboard_name’ => $dashboard_name, ‘user_id’ => Auth::id()], ‘dashboards’))) {
$status = 'ok’;
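Review bot: `strip_tags()` on the `$dashboard_name` line (the variant that appears to be the new side) filters the value before it is stored but does not encode it for the page that later renders it. It removes markup tags yet leaves quote characters intact, so a name printed inside an HTML attribute or script context would still need escaping at that point; the render sites are not visible in this diff. I would escape at output with `htmlspecialchars($dashboard_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, or confirm every view showing it uses Blade `{{ }}`, and treat the input filter as defence in depth only. The same applies to the `strip_tags()` calls in customoid.inc.php and transport-groups.inc.php, and rows stored before this change are not cleaned by it.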
@@ -17,9 +17,9 @@
$device_id = $_POST[‘device_id’];
$id = $_POST[‘ccustomoid_id’];
$action = $_POST[‘action’];
$name = $_POST[‘name’];
$oid = $_POST[‘oid’];
$datatype = $_POST[‘datatype’];
$name = strip_tags($_POST[‘name’]);
$oid = strip_tags($_POST[‘oid’]);
$datatype = strip_tags($_POST[‘datatype’]);
if (empty(($_POST[‘unit’]))) {
$unit = [‘NULL’];
} else {
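Review bot: The three `strip_tags($_POST[...])` calls for name, oid and datatype assume each field is present and is a string. A missing key passes null, which is deprecated for this parameter since PHP 8.1, and an array-valued field raises a TypeError on PHP 8, so the request fails with an engine error rather than a handled validation message. A guard such as `$name = is_string($_POST['name'] ?? null) ? strip_tags($_POST['name']) : '';` avoids that; the `$vars['name']` line in transport-groups.inc.php has the same shape. `$device_id`, `$id` and `$action` are read from `$_POST` unfiltered in this hunk, which is acceptable only if the code outside it validates them.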
@@ -35,7 +35,7 @@
$message = '’;
$group_id = $vars[‘group_id’];
$name = $vars[‘name’];
$name = strip_tags($vars[‘name’]);
$target_members = [];
foreach ((array) $vars[‘members’] as $target) {