From ed0d487fc5a36684cabfc1dfc2631d964ca5c349 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Sun, 25 Sep 2022 10:42:28 -0700
Subject: [PATCH] Escape more inputs
---
 servers/find.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/servers/find.cgi b/servers/find.cgi
index faafcee18..e5a5718ca 100755
--- a/servers/find.cgi
+++ b/servers/find.cgi
@@ -43,10 +43,10 @@ if (&foreign_check("net") && !defined($in{'scan'})) {
 # Get and display responses
 &ui_print_unbuffered_header(undef, $text{'find_title'}, "");
 if (defined($in{'scan'})) {
- print &text('find_scanning', "$in{'scan'}"),"

\n";
+ print &text('find_scanning', "".&html_escape($in{'scan'}).""),"

\n";
 }
 else {
- print &text('find_broading', join(" , ", map { "$_" } @broad)),"

\n";
+ print &text('find_broading', join(" , ", map { "".&html_escape($_)."" } @broad)),"

\n";
 }
 &find_servers(\@broad, $limit, 0, $in{'defuser'}, $in{'defpass'}, undef, undef, 0, $in{'port'});
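Review bot: The two `print` calls now escape on output, but `$in{'port'}`, `$in{'defuser'}` and `$in{'defpass'}` still go from the request straight into `find_servers` on the last line of the hunk, and nothing visible here checks that `$in{'scan'}` has the form of a network address. If `find_servers` and the code that builds `@broad` (both outside this hunk) do not validate them, a format check near the top of the script would cover every later use rather than each print site, for example `$in{'port'} =~ /^\d+$/ || &error("<invalid port message>") if (defined($in{'port'}));`. A short comment above the `if`, such as `# values below may come from the request; HTML-escape before printing`, would also record why the escaping is there.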