MantisBT: master-2.28 bdd0e364
| Author | Committer | Branch | Timestamp | Parent |
|---|---|---|---|---|
| dregad | dregad | master-2.28 | 2026-06-08 09:03 | master-2.28 5f7bc4b9 |
| Affected Issues | 0037234: CVE-2026-62944: Stored HTML injection via unescaped attachment filename extension in HTML export | |||
| Changeset | Fix XSS in print_all_bug_page_word.php Unescaped file extension was printed in <img> tag alt attribute. Use printf() instead echo to improve code readability. Replace Fixes 0037234 |
|||
| mod - print_all_bug_page_word.php | Diff File | |||