Bug Tracker

Current Project: Guriddo jqGrid JS

Issue ID# 18 XSS vulnerability
Status: Resolved
Version: 4.8
Priority: 3
Assigned to:
Submitted by: sempremkacha5
Attached file: xss.png
Type: Bug
Submitted: 2016-06-10 11:30:16 UTC
Last Update: 2017-01-12 11:08:13 UTC
Description: There is an XSS vulnerability in the advanced search inputs if the option 'showQuery' is enabled.
The attached screenshot shows this vulnerability.

To resolve this issue, search values must be encoded using $.jgrid.htmlEncode before displaying the query.
Pull request: https://github.com/tonytomov/jqGrid/pull/790
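
An added illustration of the fix described in this report, not code from jqGrid or the linked pull request: a stand-in query-preview builder rendered over a constructed filter, once with raw search values and once with every value HTML-encoded. `htmlEncode`, `OPS`, `buildQueryText` and `SAMPLE_FILTER` are hypothetical names, and the filter shape is an assumption; the project's own encoder is `$.jgrid.htmlEncode`.

```javascript
// Added example: stand-in for a search-query preview, not jqGrid source.
// htmlEncode, OPS, buildQueryText and SAMPLE_FILTER are hypothetical names.

// Encode characters that are significant in HTML text and attribute values.
function htmlEncode(value) {
  if (value === null || value === undefined) return "";
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Operator codes mapped to display text (assumed subset).
const OPS = { eq: "=", ne: "<>", cn: "LIKE" };

// Turn a filter tree {groupOp, rules, groups} into the text shown to the user.
// With encode=false the user-typed values reach the markup unchanged.
function buildQueryText(filter, encode) {
  const enc = encode ? htmlEncode : (v) => String(v);
  const parts = [];
  for (const g of filter.groups || []) parts.push(buildQueryText(g, encode));
  for (const r of filter.rules || []) {
    parts.push(`${enc(r.field)} ${enc(OPS[r.op] || r.op)} "${enc(r.data)}"`);
  }
  return "(" + parts.join(` ${enc(filter.groupOp)} `) + ")";
}

// Constructed sample: one search value carries markup, one carries & and quotes.
const SAMPLE_FILTER = {
  groupOp: "AND",
  rules: [
    { field: "name", op: "eq", data: "<img src=x onerror=alert(1)>" },
    { field: "city", op: "cn", data: 'Sofia & "Plovdiv"' },
  ],
  groups: [{ groupOp: "OR", rules: [{ field: "id", op: "ne", data: "7" }] }],
};

console.log("raw:    ", buildQueryText(SAMPLE_FILTER, false));
console.log("encoded:", buildQueryText(SAMPLE_FILTER, true));
```

Only the encoded string is safe to assign as HTML; the raw string would be parsed as markup by the browser when the preview is written into the page.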
