MokoConsulting/MokoJoomCross
1
0
Fork 0
Code Issues 105 Pull Requests Releases 1 Wiki Activity

Fixed: ServiceIconHelper XSS via unescaped extraClass #90

New Issue
Open
opened 2026-05-29 05:30:26 +00:00 by jmiller · 1 comment
jmiller commented 2026-05-29 05:30:26 +00:00
Owner
Copy Link
Copy Source

Fixed in commit 8dd6fdd

Severity: Medium

What was wrong:
$extraClass parameter in renderIcon() was output directly into HTML class attribute without escaping.

Fix applied:
Escaped with htmlspecialchars().

Files: ServiceIconHelper.php

Label: priority: medium, status: pending-testing

## Fixed in commit 8dd6fdd **Severity:** Medium **What was wrong:** `$extraClass` parameter in `renderIcon()` was output directly into HTML class attribute without escaping. **Fix applied:** Escaped with `htmlspecialchars()`. **Files:** `ServiceIconHelper.php` **Label:** `priority: medium`, `status: pending-testing`
jmiller commented 2026-05-29 05:30:28 +00:00
Author
Owner
Copy Link
Copy Source

Branch created: feature/90-fixed-serviceiconhelper-xss-via-unescape

git fetch origin
git checkout feature/90-fixed-serviceiconhelper-xss-via-unescape
Branch created: [`feature/90-fixed-serviceiconhelper-xss-via-unescape`](https://git.mokoconsulting.tech/MokoConsulting/MokoJoomCross/src/branch/feature/90-fixed-serviceiconhelper-xss-via-unescape) ```bash git fetch origin git checkout feature/90-fixed-serviceiconhelper-xss-via-unescape ```
Sign in to join this conversation.
Labels
Clear labels
pending: testing
Implemented, awaiting testing
 priority: critical
Must have for MVP
 priority: high
Important, near-term
 priority: low
Nice to have
 priority: medium
Standard priority
 type: api
API endpoint
 type: feature
New feature
 type: infrastructure
Build, CI/CD, tooling
 type: integration
Platform integration
 type: migration
Data migration
bug
Something is not working
 chore
Maintenance and housekeeping
 documentation
Documentation improvements
 enhancement
Improvement to existing functionality
 feature
New feature or request
 pending: dependency
Blocked by another issue or external dependency
 pending: deployment
Tested and approved, awaiting deployment to production
 pending: design
Needs UI/UX or architecture design before implementation
 pending: documentation
Feature works, needs documentation/wiki update
 pending: feedback
Awaiting feedback or decision from stakeholder
 pending: review
Implementation complete, awaiting code review
 pending: testing
Feature implemented but not yet tested
 priority: critical
Must fix immediately
 priority: high
Should fix soon
 priority: low
Nice to have
 priority: medium
Fix when convenient
 refactor
Code restructuring without behavior change
 roadmap
Planned feature or enhancement tracked on the roadmap
 scope: client
Client-specific work
 scope: dolibarr
Dolibarr modules and customizations
 scope: infrastructure
Server, CI, backups, monitoring
 scope: joomla
Joomla templates and extensions
 scope: waas
MokoWaaS platform
 security
Security vulnerability or hardening
 status: blocked
Waiting on external dependency
 status: duplicate
Duplicate of another issue
 status: in-progress
Being worked on
 status: needs-review
Ready for review
 status: wontfix
Will not be addressed
No labels
Type Bug
Status
Priority
Milestone
No items
No Milestone
Assignees
Clear assignees
jmiller (Jonathan Miller)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoJoomCross#90
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?