Osclass Support Forums
General osclass questions => Report bug => Topic started by: Tango on September 05, 2021, 09:17:32 PM
-
As you can see in the attached screenshot, the URL custom fields in v4.4.0 aren't sanitized, which could lead to a possible XSS attack.
Could we validate it directly in oc-includes/osclass/frm/Field.form.class.php ?
Thanks!
-
@Tango
Thanks for the feedback, will check it out ;)
-
Please note that the Phone field has the same vulnerability, as you can see in the attached screenshot.
-
@Tango
Thanks for the feedback, we will review it.
-
@Tango
Fields have been sanitized (URL, Phone) in item data & user data and will be available in osclass 4.5.
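The thread above reports that URL and Phone custom-field values were stored and rendered without validation or escaping. The following is an added illustration of how such fields can be handled defensively in PHP; it is not Osclass's own code and does not reproduce the fix shipped in 4.5. The function names, the hypothetical field types `URL` and `PHONE`, and the sample inputs are all constructed for this example.

```php
<?php
// Added example (not Osclass code): validate URL/Phone custom fields on input
// and escape them on output, so a stored value cannot inject markup.

// Accept only syntactically valid http/https URLs. The scheme allowlist matters:
// HTML-escaping alone does not stop a non-http scheme from being a live href.
function sanitize_url_field(string $value): ?string
{
    $value = trim($value);
    if ($value === '' || filter_var($value, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $value : null;
}

// Accept a conservative phone-number character set: optional leading "+",
// then digits, spaces, dots, dashes and parentheses (3 to 30 characters).
function sanitize_phone_field(string $value): ?string
{
    $value = trim($value);
    return preg_match('/^\+?[0-9 ().-]{3,30}$/', $value) === 1 ? $value : null;
}

// Escape for an HTML body or a double-quoted attribute value.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render a field value; validation already happened on input, but output
// escaping is still applied so rendering never trusts stored data.
function render_custom_field(string $type, ?string $value): string
{
    if ($value === null) {
        return '';
    }
    $text = esc($value);
    if ($type === 'URL') {
        return '<a href="' . $text . '" rel="nofollow noopener">' . $text . '</a>';
    }
    if ($type === 'PHONE') {
        return '<a href="tel:' . rawurlencode($value) . '">' . $text . '</a>';
    }
    return $text;
}

// Constructed sample inputs (not from the bug report's screenshots).
$samples = [
    ['URL',   'https://example.com/page?q="hello"&lang=en'],
    ['URL',   'ftp://example.com/file'],          // rejected: scheme not allowed
    ['URL',   'not a url at all'],                // rejected: fails validation
    ['PHONE', '+1 (555) 010-0199'],
    ['PHONE', '555<b>0199</b>'],                  // rejected: markup characters
];

foreach ($samples as [$type, $raw]) {
    $clean = $type === 'URL' ? sanitize_url_field($raw) : sanitize_phone_field($raw);
    printf("%-5s %-42s -> %s\n", $type, $raw, $clean === null ? '(rejected)' : render_custom_field($type, $clean));
}
```

Two layers are used on purpose: input validation limits what reaches the database, and output escaping protects every template that later prints the value, including templates written before the validation existed.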