CVE-2023-28884: fix: [security] XSS in community index · MISP/MISP@b94c797
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
fix: [security] XSS in community index
- As reported by Zigrin Security
Showing 1 changed file with 2 additions and 0 deletions.
@@ -27,6 +27,8 @@ public function createPaginationRules($items, $options, $model, $sort = 'id’, $f
$params[‘options’][$v] = $options[$v];
}
}
$params[‘page’] = is_numeric($params[‘page’]) ? $params[‘page’] : 1;
$params[‘limit’] = is_numeric($params[‘limit’]) ? $params[‘limit’] : 60;
$maxPage = floor($params[‘count’] / $params[‘limit’]);
if ($params[‘count’] % $params[‘limit’] != 0) {
$maxPage += 1;
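Review bot: is_numeric() on the limit line is looser than the arithmetic below it needs: it accepts "0", negative values, decimals and exponent strings such as "1e3", and the accepted value stays the caller's original string instead of being cast. A limit of 0 passes the check and then becomes the divisor in floor($params['count'] / $params['limit']) and in the % test on the next line. Suggest validating both values as positive integers, for example filter_var($params['limit'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) with the fallback to 60 when it returns false, and the same for page with a fallback of 1, so only a bounded int is stored in $params.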