Tango

Unsanitized VAT Number fields and a Notice
« on: September 25, 2021, 06:01:52 PM »
Please note that both VAT Number fields are unsanitized, leading to possible XSS exploits, as you can see in the attached screenshot.
The VAT fields should allow only letters, numbers, / and .

Also there's the following notice:
PHP Notice: Undefined variable: i in \oc-content\plugins\invoice\admin\profiles.php on line 157
Plugin: v1.6.1
PHP: 7.2.34

Thanks!
« Last Edit: September 26, 2021, 12:00:42 PM by Tango »
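
One way to apply the allow-list proposed in the post above, shown as an added example that is not the invoice plugin's code. The function names, the length limit and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and limit are not taken from the plugin.
const VAT_MAX_LEN = 32; // assumed limit, the thread does not state one

/**
 * Allow-list check on input: letters, digits, "/" and "." only.
 * Returns the trimmed value, or null when the input must be rejected.
 * Assumption: an empty value is treated as "reject" here.
 */
function vat_number_validate(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > VAT_MAX_LEN) {
        return null;
    }
    // \A and \z anchor the whole string, so no other character can slip in.
    if (preg_match('~\A[A-Za-z0-9/.]+\z~', $value) !== 1) {
        return null;
    }
    return $value;
}

/**
 * Escape at output as well, so values stored before validation existed
 * are rendered as text instead of markup.
 */
function vat_number_html(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = ['CZ12345678', 'IT/0123.456', '<script>alert(1)</script>', 'SK 2020'];
foreach ($samples as $s) {
    $ok = vat_number_validate($s);
    printf("%-30s => %s\n", json_encode($s), $ok === null ? 'rejected' : 'accepted');
}

// A legacy value already in the database is neutralised when printed.
echo vat_number_html('<script>alert(1)</script>'), "\n";
```

Validation on save keeps new rows clean; escaping on output covers both admin and front-end views that print values saved earlier.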

Marked as best answer by frosticek on October 25, 2021, 10:43:26 AM
MB Themes

Re: Unsanitized VAT Number fields and a Notice
« Reply #1 on: September 27, 2021, 02:46:19 PM »
@Tango
Thank you, will be fixed in the next update.
To get fast support, we need the following details: detailed description, URL to reproduce the problem, screenshots