meteotest / npd

New Page Dialog for Dokuwiki
http://www.dokuwiki.org/plugin:npd

possible XSS vulnerability #13

Open splitbrain opened 8 years ago

splitbrain commented 8 years ago

Please see http://php-grinder.com/vulns/view/1193443 - $_REQUEST['idx'] is output unescaped (except for trimming trailing colons). It should be escaped by hsc().
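
The pattern described in the comment above and the suggested fix, as an added example that is not part of the original issue and is not the npd plugin's code. The function names, the `value` attribute context and the sample request value are assumptions; the `hsc()` stand-in is assumed to match DokuWiki's helper (a wrapper around `htmlspecialchars()` with `ENT_QUOTES` and UTF-8) so the snippet runs outside DokuWiki.

```php
<?php
// Added example: hypothetical code, not taken from the npd plugin.

// Stand-in for DokuWiki's hsc() so this runs without DokuWiki loaded
// (assumption: hsc() wraps htmlspecialchars with ENT_QUOTES and UTF-8).
if (!function_exists('hsc')) {
    function hsc($string) {
        return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
    }
}

// Pattern described in the issue: trailing colons are trimmed,
// then the request value is written into the page unescaped.
function render_idx_unescaped(array $request) {
    $idx = isset($request['idx']) ? rtrim($request['idx'], ':') : '';
    return '<input type="text" name="idx" value="' . $idx . '" />';
}

// Suggested fix: same trimming, but escape at the point of output.
function render_idx_escaped(array $request) {
    $idx = isset($request['idx']) ? rtrim($request['idx'], ':') : '';
    return '<input type="text" name="idx" value="' . hsc($idx) . '" />';
}

// Constructed request value containing HTML metacharacters.
$request = array('idx' => 'wiki:"><em>injected</em>:');

// Unescaped: the quote closes the attribute and <em> becomes live markup.
echo render_idx_unescaped($request), "\n";

// Escaped: the value stays inside the attribute as inert text.
$safe = render_idx_escaped($request);
echo $safe, "\n";

// Regression check: none of the value's metacharacters survive raw.
if (strpos($safe, '<em>') !== false || strpos($safe, 'wiki:"') !== false) {
    throw new Exception('idx reached the output unescaped');
}
if (strpos($safe, 'wiki:&quot;&gt;&lt;em&gt;') === false) {
    throw new Exception('idx was not escaped as expected');
}
```

Trimming colons does nothing to `"`, `<` or `>`, which is why the escaping has to happen where the value is written into the HTML.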

cstuder commented 8 years ago

Thanks, I will have a look at it.