MantisBT: master-2.25 a7751c3e

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.25 2022-02-25 17:01 master-2.25 8db84042
Affected Issues  0029688: CVE-2022-26144: XSS in manage_plugin_page.php and manage_plugin_uninstall.php
Changeset

Fix XSS when displaying plugin name

Improper escaping of the plugin name allows attacker to inject code in
manage_plugin_page.php and manage_plugin_uninstall.php.

Fixes 0029688
mod - manage_plugin_page.php Diff File
mod - manage_plugin_uninstall.php Diff File