MantisBT: master-2.28 5fec0f44

Author: dregad
Committer: dregad
Branch: master-2.28
Timestamp: 2026-04-08 04:49
Parent: master-2.28 b262b4d2
Affected Issues: 0037003: CVE-2026-39960: Stored XSS in Custom Field Textarea Values
Changeset

Escape textarea custom field for display

Prevents HTML injection / XSS in bug_update_page.php.

Fixes 0037003, GHSA-qj6w-v29q-4rgx

Co-authored-by: Nozomu Sasaki <nzm117ssk@gmail.com>

mod - core/cfdefs/cfdef_standard.php