Headline
CVE-2023-4517: Security patch for XSS in Edit server (#3946) · hestiacp/hestiacp@d30e3ed
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.
Expand Up @@ -512,7 +512,7 @@ class="form-control js-password-input" class="form-control" name="v_mysql_url" id="v_mysql_url" value="<?= $_SESSION[“DB_PMA_ALIAS”] ?>" value="<?= htmlentities($_SESSION[“DB_PMA_ALIAS”]); ?>" > </div> <div class="u-mb10"> Expand Down Expand Up @@ -618,7 +618,7 @@ class="form-control" <label for="v_pgsql_url" class="form-label"> <?= _(“phpPgAdmin Alias”) ?> </label> <input type="text" class="form-control" name="v_pgsql_url" id="v_pgsql_url" value="<?= $_SESSION[“DB_PGA_ALIAS”] ?>"> <input type="text" class="form-control" name="v_pgsql_url" id="v_pgsql_url" value="<?= htmlentities($_SESSION[“DB_PGA_ALIAS”]) ?>"> </div> <?php } ?> <?php if ($v_pgsql == “yes”) { Expand Down Expand Up @@ -727,7 +727,7 @@ class="u-ml5" class="form-control" name="v_backup_dir" id="v_backup_dir" value="<?= trim($v_backup_dir, “’”) ?>" value="<?= htmlentities(trim($v_backup_dir, “’”)) ?>" disabled > </div> Expand Down Expand Up @@ -785,7 +785,7 @@ class="form-select" class="form-control" name="v_backup_host" id="v_backup_host" value="<?= trim($v_backup_host, “’”) ?>" value="<?= htmlentities(trim($v_backup_host, “’”)) ?>" > </div> <div class="u-mb20"> Expand All @@ -797,7 +797,7 @@ class="form-control" class="form-control" name="v_backup_port" id="v_backup_port" value="<?= trim($v_backup_port, “’”) ?>" value="<?= htmlentities(trim($v_backup_port, “’”)) ?>" > </div> <div class="u-mb10"> Expand All @@ -809,7 +809,7 @@ class="form-control" class="form-control" name="v_backup_username" id="v_backup_username" value="<?= trim($v_backup_username, “’”) ?>" value="<?= htmlentities(trim($v_backup_username, “’”)) ?>" > </div> <div class="u-mb20"> Expand All @@ -822,7 +822,7 @@ class="form-control" class="form-control js-password-input" name="v_backup_password" id="v_backup_password" value="<?= trim($v_backup_password, “’”) ?>" value="<?= htmlentities(trim($v_backup_password, “’”)) ?>" > </div> </div> Expand All @@ -835,7 +835,7 @@ class="form-control js-password-input" class="form-control" name="v_backup_bpath" id="v_backup_bpath" value="<?= trim($v_backup_bpath, “’”) ?>" value="<?= htmlentities(trim($v_backup_bpath, “’”)) ?>" > </div> </div> Expand All @@ -849,7 +849,7 @@ class="form-control" class="form-control" name="v_backup_bucket" id="v_backup_bucket" value="<?= trim($v_backup_bucket, “’”) ?>" value="<?= htmlentities(trim($v_backup_bucket, “’”)) ?>" > </div> <div class="u-mb10"> Expand All @@ -861,7 +861,7 @@ class="form-control" class="form-control" name="v_backup_application_id" id="v_backup_application_id" value="<?= trim($v_backup_application_id, “’”) ?>" value="<?= htmlentities(trim($v_backup_application_id, “’”)) ?>" > </div> <div class="u-mb10"> Expand All @@ -873,7 +873,7 @@ class="form-control" class="form-control" name="v_backup_application_key" id="v_backup_application_key" value="<?= trim($v_backup_application_key, “’”) ?>" value="<?= htmlentities(trim($v_backup_application_key, “’”)) ?>" > </div> </div> Expand All @@ -887,7 +887,7 @@ class="form-control" class="form-control" name="v_rclone_host" id="v_rclone_host" value="<?= trim($v_rclone_host, “’”) ?>" value="<?= htmlentities(trim($v_rclone_host, “’”)) ?>" > </div> <div class="u-mb10"> Expand All @@ -899,7 +899,7 @@ class="form-control" class="form-control" name="v_rclone_path" id="v_rclone_path" value="<?= trim($v_rclone_path, “’”) ?>" value="<?= htmlentities(trim($v_rclone_path, “’”)) ?>" > </div> </div> Expand Down Expand Up @@ -946,33 +946,33 @@ class="form-control u-min-height100 u-console" <ul class="values-list"> <li class="values-list-item"> <span class="values-list-label"><?= _(“Issued To”) ?></span> <span class="values-list-value"><?= $v_ssl_subject ?></span> <span class="values-list-value"><?= htmlentities($v_ssl_subject) ?></span> </li> <?php if ($v_ssl_aliases) { ?> <li class="values-list-item"> <span class="values-list-label"><?= _(“Alternate”) ?></span> <span class="values-list-value"><?= $v_ssl_aliases ?></span> <span class="values-list-value"><?= htmlentities($v_ssl_aliases) ?></span> </li> <?php } ?> <li class="values-list-item"> <span class="values-list-label"><?= _(“Not Before”) ?></span> <span class="values-list-value"><?= $v_ssl_not_before ?></span> <span class="values-list-value"><?= htmlentities($v_ssl_not_before) ?></span> </li> <li class="values-list-item"> <span class="values-list-label"><?= _(“Not After”) ?></span> <span class="values-list-value"><?= $v_ssl_not_after ?></span> <span class="values-list-value"><?= htmlentities($v_ssl_not_after) ?></span> </li> <li class="values-list-item"> <span class="values-list-label"><?= _(“Signature”) ?></span> <span class="values-list-value"><?= $v_ssl_signature ?></span> <span class="values-list-value"><?= htmlentities($v_ssl_signature) ?></span> </li> <li class="values-list-item"> <span class="values-list-label"><?= _(“Key Size”) ?></span> <span class="values-list-value"><?= $v_ssl_pub_key ?></span> <span class="values-list-value"><?= htmlentities($v_ssl_pub_key) ?></span> </li> <li class="values-list-item"> <span class="values-list-label"><?= _(“Issued By”) ?></span> <span class="values-list-value"><?= $v_ssl_issuer ?></span> <span class="values-list-value"><?= htmlentities($v_ssl_issuer) ?></span> </li> </ul> </div> Expand Down