Osclass Support Forums

Osclass plugin support => Invoice Osclass Plugin => Topic started by: Tango on September 25, 2021, 06:01:52 PM

Title: Unsanitized VAT Number fields and a Notice
Post by: Tango on September 25, 2021, 06:01:52 PM
Please note that both VAT Number fields are unsanitized, leading to possible XSS exploits, as you can see in the attached screenshot.
The VAT fields should allow only letters, numbers, / and .

Also there's the following notice:
Code:
PHP Notice: Undefined variable: i in \oc-content\plugins\invoice\admin\profiles.php on line 157
Plugin: v1.6.1
PHP: 7.2.34

Thanks!

Title: Re: Unsanitized VAT Number fields and a Notice
Post by: MB Themes on September 27, 2021, 02:46:19 PM
@Tango
Thank you, will be fixed in next update.
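
The allow-list from the first post (letters, numbers, / and .) combined with escaping on output, as an added example that is not part of the thread and not the Invoice plugin's code. The function names and the 32-character length limit are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper names, not taken from the Invoice plugin.

/**
 * Accept a VAT number only if it consists of letters, digits, "/" and ".".
 * Returns the trimmed value, or null when the input must be rejected.
 * The default length limit of 32 is an assumption, not a value from the plugin.
 */
function vat_number_or_null($raw, int $maxLen = 32): ?string
{
    if (!is_string($raw)) {
        return null;                 // e.g. an array submitted instead of a string
    }
    $value = trim($raw);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    // \A and \z anchor the match to the whole string.
    // No /u flag: only ASCII letters and digits are accepted.
    return preg_match('~\A[A-Za-z0-9/.]+\z~', $value) === 1 ? $value : null;
}

/** Escape on output as well, so values stored before validation existed stay inert. */
function vat_number_html(?string $stored): string
{
    return htmlspecialchars((string) $stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'GB123456789',        // accepted
    '12/345.678',         // accepted
    'DE 123 456',         // rejected: space is not in the allow-list
    '"><b>markup</b>',    // rejected: quotes and angle brackets
    ['nested'],           // rejected: not a string
];

foreach ($samples as $input) {
    $clean = vat_number_or_null($input);
    printf("%-24s => %s\n", json_encode($input), $clean === null ? 'rejected' : 'accepted');
}

// Rendering a legacy value that was stored without validation:
echo '<td>' . vat_number_html('"><b>markup</b>') . "</td>\n";
```

Validation on input keeps new records clean, while escaping at the point of output covers both the admin and front-end views for any value already in the database.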