CVE-2023-45958

An attacker can craft a malicious URL containing a JavaScript payload within the backup_pagination parameter. When a user, typically an administrator, accesses this crafted URL in the web browser, the JavaScript payload is executed. This occurs because the application reflects the unsanitized parameter value within the HTML output of the page, specifically in the context of list pagination. [ref_id=1]

The vulnerability exists in the `displayListHeader` method within the `AdminController.php` file. Specifically, the code handling the `backup_pagination` parameter was not adequately sanitizing user input before rendering it on the page. The patch modifies this section by introducing new helper methods to properly resolve and validate pagination values. [ref_id=1]

The patch introduces a new method, `resolvePagination`, which sanitizes the `backup_pagination` parameter. This method ensures that the pagination value is an integer and checks if it is a valid positive number before it is used. This prevents the injection of arbitrary JavaScript code by validating and sanitizing the input, thus mitigating the reflected XSS vulnerability. [ref_id=1]