MantisBT: master-2.21 bd094ded 2019-08-25 01:52

Fix XSS on project documentation

Vulnerability in deprecated project documentation functionality ($g_enable_project_documentation), allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.

Prevent the attack by sanitizing the filename before display.

Fixes 0026078

Affected Issues: 0026078

mod - proj_doc_edit_page.php