MantisBT: master-2.28 df22697a

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.28 2026-03-28 12:46 master-2.28 69e0180f
Affected Issues  0036986: CVE-2026-34463: Stored HTML Injection/XSS in Clone Issue Form via Unescaped Project Name
Changeset

Escape Project name in bug_report_page.php

Prevents XSS in Clone context (i.e. if m_id parameter is provided) when
the current project is different from the master issue's.

Fixes 0036986, GHSA-fvjf-68wh-rwp2
mod - bug_report_page.php Diff File