From 61a2d200b44e6955be5e7ffb17aa56bac4345fc9 Mon Sep 17 00:00:00 2001
From: Benjamin Dalsass <benjamin.dalsass@combodo.com>
Date: Wed, 18 May 2022 08:10:01 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B04900=20-=20Stored=20XSS=20in=20dashlets?=
 =?UTF-8?q?=20failed=20OQL=20query?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/dashlet.class.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/application/dashlet.class.inc.php b/application/dashlet.class.inc.php
index 42eeca069..0bc8979f4 100644
--- a/application/dashlet.class.inc.php
+++ b/application/dashlet.class.inc.php
@@ -255,7 +255,7 @@ abstract class Dashlet
 		catch(OqlException $e)
 		{
 			$oPage->add('<div class="dashlet-content">');
-			$oPage->p($e->GetUserFriendlyDescription());
+			$oPage->p(utils::HtmlEntities($e->GetUserFriendlyDescription()));
 			$oPage->add('</div>');
 		}
 		catch(Exception $e)