MantisBT: master-2.26 447a521a

Author:    dregad
Committer: dregad
Branch:    master-2.26
Timestamp: 2024-05-06 13:04
Parent:    master-2.26 809a4e1d
Affected Issues
  0034432: CVE-2024-34081: Unsanitised custom field names printed
  0034442: Wrong display of some column titles on "View Issues" page
Changeset

Proper escaping of Custom Field name for display

Fixes XSS vulnerability on

  • bug_change_status_page.php (resolving and closing issues)
  • view_all_bug_page.php & print_all_bug_page.php (when the custom field
    is selected as a column for display/print)

Fixes 0034432, CVE-2024-34081

mod - bug_change_status_page.php
mod - core/print_api.php
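The fix described in the commit message is output escaping of the custom field name before it is printed as a column title. The block below is an added illustration, not MantisBT's own code: it puts the vulnerable pattern (raw field name concatenated into the page) beside the hardened pattern, which escapes the name for both the text and the attribute context with PHP's built-in htmlspecialchars. The function names and the sample field name are constructed for this example; the project's actual helper functions are not shown on this page.

```php
<?php
// Added example (not MantisBT code): rendering a custom field name as a
// column title. The name is administrator-controlled configuration that ends
// up in HTML, so it must be escaped for the context it is printed into.

/** Constructed sample: a custom field name carrying HTML markup and a quote. */
const SAMPLE_FIELD_NAME = 'Found in <b>build</b> "x"';

/** Vulnerable pattern: the raw name is interpolated into text and attribute. */
function render_column_header_unsafe(string $field_name): string
{
    return '<th title="' . $field_name . '">' . $field_name . '</th>';
}

/** Escape for HTML text and attribute contexts; ENT_QUOTES covers both quote kinds. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened pattern: escape once, at output time, and use the escaped value everywhere. */
function render_column_header(string $field_name): string
{
    $safe = html_escape($field_name);
    return '<th title="' . $safe . '">' . $safe . '</th>';
}

/**
 * Defensive self-check for the hardened output: the injected tag must not
 * survive as markup, and the only double quotes left are the two that
 * delimit the title attribute.
 */
function is_output_neutralised(string $html): bool
{
    return !str_contains($html, '<b>') && substr_count($html, '"') === 2;
}

echo render_column_header_unsafe(SAMPLE_FIELD_NAME), PHP_EOL;
echo render_column_header(SAMPLE_FIELD_NAME), PHP_EOL;
var_dump(is_output_neutralised(render_column_header(SAMPLE_FIELD_NAME)));
```

Run with `php example.php`: the first line shows the browser-interpretable markup and a broken title attribute, the second shows the same name rendered as inert text (`&lt;b&gt;`, `&quot;`). The design point is that escaping belongs at the output boundary, chosen for the target context, rather than at the time the field name is stored.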