From 1dd461277c1e6901fdb05dee9402d7ea4b2e245d Mon Sep 17 00:00:00 2001
From: joebordes
Date: Sat, 4 Dec 2021 13:40:40 +0100
Subject: [PATCH] sec(Users) XSS in name
---
 modules/Vtiger/header.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Vtiger/header.php b/modules/Vtiger/header.php
index 3bac6d1020..c2f3636b8d 100644
--- a/modules/Vtiger/header.php
+++ b/modules/Vtiger/header.php
@@ -24,7 +24,7 @@ $smarty->assign('HEADERS', $header_array);
 $smarty->assign('THEME', $theme);
 $smarty->assign('IMAGEPATH', $image_path);
-$smarty->assign('USER', $userName);
+$smarty->assign('USER', trim(gtltTagsToHTML($userName)));
 $smarty->assign('CSRFNAME', $GLOBALS['csrf']['input-name']);
 $qc_modules = getQuickCreateModules();
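Review bot: The new `USER` assignment relies on `gtltTagsToHTML()`, whose definition is outside this hunk; judging by its name it converts only `<` and `>`, which would leave quote characters in the user name unescaped. That is sufficient for element text, but if any template prints `{$USER}` inside an attribute value or an inline script, the value is still not encoded for that context. Encoding for the full HTML context would be safer here, e.g. `$smarty->assign('USER', htmlspecialchars(trim($userName), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`, and a short comment such as `// user-controlled display name: HTML-encode before it reaches the template` would record why this one assignment is treated differently from its neighbours. Other views that render the stored user name are not touched by this change and are worth checking for the same encoding.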