Skip to content
Snippets Groups Projects
Commit 741fd186 authored by Jared Hancock's avatar Jared Hancock
Browse files

security: Remove potential XSS vulnerability 

The ThreadEntryWidget has a potential cross site scripting (XSS)
vulnerability if data was posted directly to the page hosting the widget

Vulnerable URLs:
view.php, open.php, scp/open.php, scp/tickets.php

The content received in the HTTP POST is now correctly escaped when it is
echoed back to the user agent.
parent dc094107
Branches
Tags
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment