Fix injection vulnerability in fdb search page (#15315)

unescaped search output reported by: https://huntr.dev/users/hainguyen0207
2024-10-07 16:52:45 +00:00 · 2023-09-14 00:22:42 -05:00
parent cfd642be6a
commit 2c5960631c
1 changed files with 1 additions and 1 deletions
--- a/includes/html/pages/search/fdb.inc.php
+++ b/includes/html/pages/search/fdb.inc.php
@@ -112,7 +112,7 @@ if ($vars['searchby'] == 'vlan') {
                "<div class=\"form-group\">"+
                "<input type=\"text\" name=\"searchPhrase\" id=\"address\" value=\""+
 <?php
-echo '"' . $vars['searchPhrase'] . '"+';
+echo '"' . htmlspecialchars($vars['searchPhrase']) . '"+';
 ?>

                "\" class=\"form-control input-sm\" placeholder=\"Value\" />"+