MantisBT: master 9ef8f23a
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master | 2020-06-22 02:55 | master-2.24 2fc66610 |
Affected Issues | 0027056: CVE-2020-16266: HTML injection (maybe XSS) via custom field on view_all_bug_page.php |
Changeset | Fix XSS in view_all_bug_page.php (CVE-2020-16266) Hanno Boeck reported a stored cross-site scripting (XSS) vulnerability, Improper escaping on view_all_bug_page.php allowed a remote attacker to Prevent the attack by properly escaping the custom field's contents Fixes 0027056 |
mod - core/filter_form_api.php |