MantisBT: master-2.28 c885af13

Author: dregad
Committer: dregad
Branch: master-2.28
Timestamp: 2026-04-19 10:35
Parent: master-2.28 44f490bc
Affected Issues  0037013: CVE-2026-41897: Reflected XSS in Rendering Dynamic Custom Textarea Field
Changeset

Fix XSS in return_dynamic_filters.php

Prevent reflected XSS with TEXTAREA custom fields using a crafted
filter_target parameter by validating user input and proper escaping.

Fixes 0037013, GHSA-j7v9-f46r-2rp4

mod - core/date_api.php
mod - core/filter_form_api.php
mod - return_dynamic_filters.php