[mapguide-users] Ajaxviewer (Java) cross-site scripting hole

svlad Wed, 09 Jan 2019 01:23:42 -0800

Hi, there may be a xss hole in quickplotpreviewinner.jsp (Ajaxviewer Java).
to prevent change the line 96 to
annotations.put("{scale}", "1 : " +
EscapeForHtml(request.getParameter("scale_denominator")));
I did not look at php or .net.
Regards svlad




--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/mapguide-users

[mapguide-users] Ajaxviewer (Java) cross-site scripting hole

Reply via email to