Skip to content

Commit

Permalink
Fix xss in browser push transport (#14470)
Browse files Browse the repository at this point in the history 
Escape html when populating user list.
  • Loading branch information
@murrant
murrant committed Oct 17, 2022
1 parent 3e3752e commit 15a41c9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion LibreNMS/Alert/Transport/Browserpush.php
View file
Expand Up @@ -53,7 +53,7 @@ public static function configTemplate()
{
$users = [__('All Users') => 0];
foreach (User::get(['user_id', 'username', 'realname']) as $user) {
$users[$user->realname ?: $user->username] = $user->user_id;
$users[htmlentities($user->realname ?: $user->username)] = $user->user_id;
}

return [
Expand Down

0 comments on commit 15a41c9

Please sign in to comment.