[PATCH 15/16] proxy.cgi: Fixes bug 13893

Thu, 25 Sep 2025 04:13:50 -0700 

Fixes: bug 13893 - proxy.cgi Multiple Parameters Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <[email protected]>
---
 html/cgi-bin/proxy.cgi | 1 +
 1 file changed, 1 insertion(+)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index bdce2fa66..1ade39381 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3973,6 +3973,7 @@ END
        {
                print FILE " 
$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
        } else {
+               $proxysettings{'VISIBLE_HOSTNAME'} = 
&Header::escape($proxysettings{'VISIBLE_HOSTNAME'});
                print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
        }
 
-- 
2.51.0

Reply via email to