|Issue ID# 18||XSS vulnerability|
|Status: Resolved||Version: 4.8||Priority: 3|
|Assigned to:||Submitted by: sempremkacha5||Attached file: xss.png|
2016-06-10 11:30:16 UTC
2017-01-12 11:08:13 UTC
Description: There is an XSS vulnerability in the advanced search inputs if the option 'showQuery' is enabled.
The attached screenshot shows this vulnerability.
To resolve this issue, search values must be encoded using $.jgrid.htmlEncode before displaying the query.
Pull request: https://github.com/tonytomov/jqGrid/pull/790
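The fix described above, sketched as an added example (not code from jqGrid or from the pull request): a query preview built from a filter object, once with raw search values and once with every user-controlled value encoded first. The `htmlEncode` function is a stand-in for `$.jgrid.htmlEncode` so the block runs without jQuery; `buildQuery`, `OPS`, the filter shape and the sample filter are assumptions made for illustration.

```javascript
// Stand-in for $.jgrid.htmlEncode so the example runs without jQuery/jqGrid (assumption).
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Hypothetical operator table for the query preview.
const OPS = { eq: "=", ne: "<>", cn: "LIKE" };

// Builds the preview string for a filter group. `encode` is applied to every
// user-controlled piece (field name and search value) before concatenation.
function buildQuery(group, encode) {
  const parts = (group.rules || []).map(function (r) {
    const op = OPS[r.op] || "=";
    return encode(r.field) + " " + op + ' "' + encode(r.data) + '"';
  });
  (group.groups || []).forEach(function (g) {
    parts.push(buildQuery(g, encode));
  });
  // groupOp is normalised to one of two constants, never echoed back.
  const joiner = group.groupOp === "OR" ? " OR " : " AND ";
  return "(" + parts.join(joiner) + ")";
}

const identity = function (v) { return String(v); };
// "Before": raw search values end up in the markup shown to the user.
const unsafePreview = function (f) { return buildQuery(f, identity); };
// "After": values are encoded before the query is displayed.
const safePreview = function (f) { return buildQuery(f, htmlEncode); };

// Constructed sample input: search values carrying markup and special characters.
const sampleFilter = {
  groupOp: "AND",
  rules: [{ field: "name", op: "cn", data: "<img src=x onerror=alert(1)>" }],
  groups: [{ groupOp: "OR", rules: [{ field: "note", op: "eq", data: 'a"b & c' }] }]
};

console.log("unsafe:", unsafePreview(sampleFilter));
console.log("safe:  ", safePreview(sampleFilter));
```

The encoded string is safe to assign to an element's HTML content; when the preview is written with a text-only API such as `textContent`, encoding it as well would double-escape the output.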