WordPress.org


PiwikSearchEngineKeywords
XSS Security issue in Plugin (2 posts)

  1. Stefan M.
    Member
    Posted 2 years ago #

    Hi

    If I search for <script>alert('test');</script> and Piwik registers it, the JS code is completely embedded into the webpage, and this is an XSS security risk on a very high level!

    Please add htmlentities() to the publish of the keywords on line 222 in the plugin like:

    if ($i != $qresult->rowCount() - 1)
        $keywords = $keywords . '<li>' . htmlentities($keyword) . '</li>' . (($separator_on == true && $this->separator != "") ? '<li class="psek_separator">' . $this->separator . '</li>' : '');
    else
        $keywords = $keywords . '<li>' . htmlentities($keyword) . '</li>';

    This is strongly recommended!!

    Regards

    http://wordpress.org/extend/plugins/piwik-search-engine-keywords/

  2. wpuser0815
    Member
    Plugin Author

    Posted 2 years ago #

    Hi.
    The problem is resolved.
    Thank you.

Topic Closed

This topic has been closed to new replies.
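
The fix requested in this thread, as an added stand-alone example that is not the plugin's code and not part of either post: a keyword list rendered once without and once with output encoding, so the effect on the reported payload is visible. The function names, the `esc()` helper and the sample keywords are assumptions made for illustration; inside WordPress, `esc_html()` fills the role of `esc()`.

```php
<?php
// Added example; function names and sample data are hypothetical.

// Constructed sample of stored search keywords. Anyone can plant a value here
// by arriving at the site through a crafted search query.
$keywords = [
    'wordpress piwik plugin',
    "<script>alert('test');</script>",   // the payload from the report above
    'fish & chips "near me"',            // harmless text that still needs encoding
];

// Before: the stored keyword is concatenated straight into the markup.
function render_keywords_unsafe(array $keywords, string $separator = ''): string
{
    $items = array_map(function ($k) { return '<li>' . $k . '</li>'; }, $keywords);
    $glue  = $separator !== '' ? '<li class="psek_separator">' . $separator . '</li>' : '';
    return implode($glue, $items);
}

// Encode at output time. ENT_QUOTES also covers attribute contexts, and
// ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole string into ''.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every value placed into the page is encoded, the separator included.
function render_keywords_safe(array $keywords, string $separator = ''): string
{
    $items = array_map(function ($k) { return '<li>' . esc($k) . '</li>'; }, $keywords);
    $glue  = $separator !== '' ? '<li class="psek_separator">' . esc($separator) . '</li>' : '';
    return implode($glue, $items);
}

$unsafe = render_keywords_unsafe($keywords, '|');
$safe   = render_keywords_safe($keywords, '|');

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;

// Regression check: the encoded output must not contain a script element.
if (stripos($safe, '<script') !== false) {
    fwrite(STDERR, "escaping failed\n");
    exit(1);
}
```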
