
Highly insightful analysis from elReg reporter
‘The flaw .. “could potentially impact the confidentiality and integrity of your data” .. In other words, the bug can be exploited to steal or alter information among other things.’
I think we got it the first time :)
- quote -
Before the update, the line appeared as below
<input name="st" type="hidden" value="${param.st}"/>
After the update, the line should appear as below
<input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
- unquote -
Seems perfectly clear to me /s
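
What the quoted one-line change does, as an added example that is not part of the comment above or of the vendor's fix: a Python model of the JSP line, rendered with and without escaping and then re-parsed to see whether the hidden field survives as a single element. The function names and sample values are constructed for illustration, and `escape_xml` assumes the same five character replacements that JSTL's `fn:escapeXml` makes.

```python
from html.parser import HTMLParser

# The five characters JSTL's fn:escapeXml rewrites, with the entities it emits.
ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&#034;", "'": "&#039;"}


def escape_xml(value):
    """Python stand-in for fn:escapeXml (assumption: same five replacements)."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def render(st, patched):
    """Model the JSP line: put the 'st' request parameter into the hidden field."""
    value = escape_xml(st) if patched else st
    return '<input name="st" type="hidden" value="%s"/>' % value


class TagCollector(HTMLParser):
    """Records every start tag and its attributes, as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def field_intact(html, st):
    """True if the markup is still one <input> whose value is exactly st."""
    parser = TagCollector()
    parser.feed(html)
    parser.close()
    expected = [("input", {"name": "st", "type": "hidden", "value": st})]
    return parser.tags == expected


if __name__ == "__main__":
    # Constructed sample values: one ordinary, two containing markup characters.
    for sample in ["abc123", 'x" data-extra="1', 'x"><b>injected</b>']:
        print(repr(sample),
              "before:", field_intact(render(sample, False), sample),
              "after:", field_intact(render(sample, True), sample))
```

Before the update, any `st` value containing a double quote ends the `value` attribute early and the rest is parsed as markup; after it, the same value comes back from the parser as plain data.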