From 220808bd5cf7c3ce515f6ce0722d3fbd6ed96e50 Mon Sep 17 00:00:00 2001
From: Jos Groot Lipman
Date: Wed, 29 Mar 2017 14:45:16 +0000
Subject: [PATCH] FSN#39950 PENTEST Reflected XSS in sso parameter
svn path=/Website/branches/v2016.3/; revision=33318
---
 APPL/Shared/loginTry.asp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/APPL/Shared/loginTry.asp b/APPL/Shared/loginTry.asp
index 38efaa17a7..051090d64a 100644
--- a/APPL/Shared/loginTry.asp
+++ b/APPL/Shared/loginTry.asp
@@ -223,7 +223,7 @@ if (user_key < 0 && sso && sso != "0") // "0" is een hardcoded special case
 + " WHERE fac_idp_code = " + safe.quoted_sql(sso);
 var oRs = Oracle.Execute(sql);
 if (oRs.Eof)
- shared.internal_error("Identity provider '{0}' is not configured for {1}".format(sso, customerId));
+ shared.internal_error("Identity provider '{0}' is not configured for {1}".format(safe.html(sso), customerId));
 var isFACFACinternal = oRs("fac_idp_internal").Value != 0;
 var ip_restrict = oRs("fac_idp_ipfilter").Value;
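Review bot: The `safe.html(sso)` encoding is applied only at this one call to `shared.internal_error`, which suggests that the function writes its message into the response as HTML without encoding it; its body is outside this hunk, so that is inferred. If so, any other caller that formats request-derived values into the message has the same reflected-XSS exposure, and encoding inside `shared.internal_error` (or auditing its callers) would be more robust than relying on each call site. On the same line `customerId` is still inserted unencoded; if the request can influence it, it needs `safe.html(customerId)` as well. A short comment such as `// sso is request input; the error message is rendered as HTML` above the call would record why the encoding is there. The statement that builds `sql` starts above the hunk.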