[mapguide-users] Ajaxviewer (Java) cross-site scripting hole

svlad svlad.cjelli42 at web.de
Wed Jan 9 01:22:41 PST 2019

Previous message (by thread): [mapguide-users] Link to wiew widget coordinate transformation
Next message (by thread): [mapguide-users] Ajaxviewer (Java) cross-site scripting hole
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, there may be a xss hole in quickplotpreviewinner.jsp (Ajaxviewer Java).
to prevent change the line 96 to
annotations.put("{scale}", "1 : " +
EscapeForHtml(request.getParameter("scale_denominator")));
I did not look at php or .net.
Regards svlad



--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html

Previous message (by thread): [mapguide-users] Link to wiew widget coordinate transformation
Next message (by thread): [mapguide-users] Ajaxviewer (Java) cross-site scripting hole
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the mapguide-users mailing list