CVE-2022-4736: Remove 'raw' to fix XSS · jschwindt/Venganzas-del-Pasado@62339b2
A vulnerability was found in Venganzas del Pasado and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument the_title leads to cross site scripting. The attack may be launched remotely. The name of the patch is 62339b2ec445692c710b804bdf07aef4bd247ff7. It is recommended to apply a patch to fix this issue. VDB-216770 is the identifier assigned to this vulnerability.
@@ -8,11 +8,11 @@
<% if params[:page].nil? %>
<% the_title = title_part %>
<% else %>
<% the_title = “#{title_part}, <small>Página #{params[:page]}</small>” %>
<% the_title = "#{title_part} (página #{params[:page]})" -%>
<% end %>
<% page_title the_title %>
<% meta_description strip_tags(“#{the_title} de La Venganza será Terrible”) %>
<h2 class="title fancy is-4"><%= raw the_title %></h2>
<h2 class="title fancy is-4"><%= the_title %></h2>
<%= render ‘layouts/banners/top’ %>
<%= render @posts %>
<%= paginate @posts, window: 2 %>
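Review bot: page_title the_title and meta_description strip_tags(...) still receive the string built from title_part and params[:page]; only the h2 output changes in this hunk. strip_tags removes tags, but whether the value is encoded for the title element and the meta content attribute depends on the page_title and meta_description helpers, which are not shown here, so please confirm they escape their argument or escape at these call sites. Minor style point: the added the_title assignment ends in -%> while the neighbouring lines in this file use %>.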
@@ -1,11 +1,11 @@
<% if params[:page].nil? %>
<% the_title = “Contribuciones de Programas de La Venganza será Terrible” -%>
<% else %>
<% the_title = “Contribuciones de Programas de La Venganza será Terrible, <small>Página #{params[:page]}</small>” -%>
<% the_title = "Contribuciones de Programas de La Venganza será Terrible (página #{params[:page]})" -%>
<% end %>
<% page_title the_title -%>
<% meta_description strip_tags(the_title) -%>
<h2 class="title fancy is-4"><%= raw the_title %></h2>
<h2 class="title fancy is-4"><%= the_title %></h2>
<%= render ‘layouts/banners/top’ %>
<%= render @posts %>
<%= paginate @posts, window: 2 %>
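Review bot: params[:page] is still interpolated as an arbitrary string in the else branch, and the nil? check lets an empty page= through, which renders "(página )". The value is only ever a page number, so consider params[:page].present? for the condition (as the third hunk in this commit does) and params[:page].to_i in the interpolation, so the heading can only contain digits however it is rendered later.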
@@ -1,11 +1,11 @@
<% if params[:page].present? %>
<% the_title = “Programas de La Venganza será Terrible de Alejandro Dolina, <small>Página #{params[:page]}</small>” -%>
<% the_title = "Programas de La Venganza será Terrible de Alejandro Dolina (página #{params[:page]})" -%>
<% else %>
<% the_title = “Programas de La Venganza será Terrible de Alejandro Dolina” -%>
<% end %>
<% page_title the_title -%>
<% meta_description strip_tags(the_title) -%>
<h2 class="title fancy is-4"><%= raw the_title %></h2>
<h2 class="title fancy is-4"><%= the_title %></h2>
<%= render ‘layouts/banners/top’ %>
<%= render @posts %>
<%= paginate @posts, window: 2 %>
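Review bot: the added the_title line repeats the same "base title (página N)" expression that the other three templates in this commit now carry, with only the base text differing. A small view helper that takes the base title and the page and returns the plain string would keep the formatting and the escaping decision in one place. This template also tests present? with the branches swapped while the others test nil?; settling on one form would make the four files easier to compare.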
@@ -1,12 +1,12 @@
<% if params[:page].nil? %>
<% the_title = “Torrents de La Venganza será Terrible de Alejandro Dolina” -%>
<% else %>
<% the_title = “Torrents de La Venganza será Terrible de Alejandro Dolina<small>, Página #{params[:page]}</small>” -%>
<% the_title = "Torrents de La Venganza será Terrible de Alejandro Dolina (página #{params[:page]})" -%>
<% end %>
<% page_title the_title -%>
<% meta_description strip_tags(the_title) -%>
<h2 class="title fancy is-4">Descarga de los MP3 usando torrent</h2>
<h2 class="title"><%=raw the_title %></h2>
<h2 class="title"><%= the_title %></h2>
<div class="content">
Si estás usando el RSS de los torrents para agregarlo a tu cliente
BitTorrent favorito y automatizar las descargas,
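Review bot: nothing in the visible hunks adds a test for the fixed behaviour; the change at <%= the_title %> relies on ERB's default escaping staying in place. A view or request spec that passes markup in page and asserts the h2 contains it only in escaped form would catch raw or html_safe being reintroduced in any of these templates.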