From 4f86915866703e2fcd1e34b3fc1181ec2ad78e54 Mon Sep 17 00:00:00 2001
From: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com>
Date: Sun, 13 Feb 2022 19:07:37 +0100
Subject: [PATCH] XSS fix, cont. (#13776)

https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d/
---
 includes/html/pages/addhost.inc.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/html/pages/addhost.inc.php b/includes/html/pages/addhost.inc.php
index 07dc9e44ade5..c95135673560 100644
--- a/includes/html/pages/addhost.inc.php
+++ b/includes/html/pages/addhost.inc.php
@@ -45,9 +45,9 @@
 $snmpver = 'v2c';
 $additional = [
 'snmp_disable' => 1,
- 'os' => $_POST['os'] ? $_POST['os_id'] : 'ping',
- 'hardware' => $_POST['hardware'],
- 'sysName' => $_POST['sysName'],
+ 'os' => $_POST['os'] ? strip_tags($_POST['os_id']) : 'ping',
+ 'hardware' => strip_tags($_POST['hardware']),
+ 'sysName' => strip_tags($_POST['sysName']),
 ];
 } elseif ($_POST['snmpver'] === 'v2c' || $_POST['snmpver'] === 'v1') {
 if ($_POST['community']) {
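Review bot: The three `strip_tags()` calls added to the `$additional` array (`os`, `hardware`, `sysName`) sanitise on input only, and `strip_tags()` removes markup but leaves quote characters and `&` untouched, so the stored values are still unsafe if any page prints them inside an HTML attribute or script context. The rendering sites are not visible in this hunk, so that needs confirming; the durable fix is to escape at the point of output, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeping `strip_tags()` here as defence in depth at most. The calls also assume each `$_POST` key is present and a string: on PHP 8 a missing key passes null (deprecated since 8.1) and an array value raises a TypeError, so a guard such as `is_string($_POST['hardware'] ?? null) ? strip_tags($_POST['hardware']) : ''` would be safer. The surrounding `if`/`elseif` chain starts before and continues after the hunk.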