[mapguide-users] Ajaxviewer (Java) cross-site scripting hole
svlad
svlad.cjelli42 at web.de
Wed Jan 9 01:22:41 PST 2019
Hi, there may be a xss hole in quickplotpreviewinner.jsp (Ajaxviewer Java).
to prevent change the line 96 to
annotations.put("{scale}", "1 : " +
EscapeForHtml(request.getParameter("scale_denominator")));
I did not look at php or .net.
Regards svlad
--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
More information about the mapguide-users
mailing list