
sec(RSS) XSS in RSS content. https://huntr.dev/bounties/67ab09e4-07cf…
joebordes committed Oct 17, 2021
1 parent 1b9c86b commit 695d69a
Showing 1 changed file with 7 additions and 2 deletions.
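--- a/modules/Rss/Rss.php
+++ b/modules/Rss/Rss.php
@@ -60,8 +60,13 @@ public function getListViewRSSHtml() {
 $rss_title= ltrim(rtrim($stringConvert));
 $i = $i + 1;
 $shtml .= "<tr class='prvPrfHoverOff' onmouseover=\"this.className='prvPrfHoverOn'\" onmouseout=\"this.className='prvPrfHoverOff'\">";
-$shtml .= "<td><a href=\"javascript:display('".$item->get_permalink()."','feedlist_".$i."')\"; id='feedlist_".$i."' class=\"rssNews\">";
-$shtml .= $rss_title."</a></td><td>".$this->rss_title."</td></tr>";
+$cleanJS = vtlib_purify('<a href="'.$item->get_permalink().'"></a>');
+if (strlen($cleanJS)>10) {
+$cleanJS = substr(vtlib_purify($cleanJS), 9); // strip a href
+$cleanJS = substr($cleanJS, 0, strlen($cleanJS)-6); // strip </a>
+}
+$shtml .= "<td><a href=\"javascript:display('".$cleanJS."','feedlist_".$i."')\"; id='feedlist_".$i."' class=\"rssNews\">";
+$shtml .= $rss_title."</a></td><td>".vtlib_purify($this->rss_title)."</td></tr>";
 if ($i == 10) {
 return $shtml;
 }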
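Review bot: The purified permalink is still spliced into a JavaScript string literal inside an HTML attribute (`javascript:display('…')`), and an HTML purifier applied to an `<a href>` does not guarantee that the value is safe for that context; a stray `'` or `\` in the URL would still terminate the JS string, and HTML-escaping alone would not help because the attribute value is HTML-decoded before the `javascript:` URL is parsed. Escape for the inner context first and the outer context second, e.g. `$jsUrl = htmlspecialchars(json_encode($cleanJS), ENT_QUOTES, 'UTF-8');` and then `display(".$jsUrl.",'feedlist_".$i."')` in the anchor, or move the URL into a `data-url` attribute and let `display()` read it. On the same line, `$rss_title` (feed-supplied item title) is still concatenated raw into the cell while only `$this->rss_title` is purified; unless `$stringConvert` was already escaped above the hunk, it needs `htmlspecialchars($rss_title, ENT_QUOTES, 'UTF-8')` as well. The `substr(…, 9)` / `strlen-6` stripping presumes the purifier emits exactly `<a href="…"></a>` with no added attributes, so a short comment stating that assumption, or a `preg_match('/href="([^"]*)"/', …)` extraction, would make the intent explicit. `getListViewRSSHtml()` starts and ends outside the hunk.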
