MantisBT: master-2.24 221cf323

Author: dregad
Committer: dregad
Branch: master-2.24
Timestamp: 2020-09-12 06:20:49
Parent: master 77991180
Affected Issues: 0027275: CVE-2020-25288: HTML Injection on bug_update_page.php
Changeset

Fix XSS in Custom Field regex pattern validation

Improper escaping of the custom field definition's Regular Expression
allowed an attacker to inject HTML into the page (CVE-2020-25288).

Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for the finding.

Fixes 0027275

mod - core/cfdefs/cfdef_standard.php
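
The class of bug the commit message describes, as an added example that is not MantisBT's code and not part of this changeset: a stored regular expression written into an HTML attribute with and without output escaping. It assumes the regex is emitted into the `pattern` attribute of the field's `<input>`; the function names, the `$field` array layout and the sample values are hypothetical.

```php
<?php
// Added illustration. Function names and the $field layout are hypothetical;
// this is not the code from core/cfdefs/cfdef_standard.php.

// Before: the stored regex is concatenated into the attribute as-is, so a
// double quote in it ends the attribute and the rest is parsed as markup.
function render_textbox_unescaped(array $field, string $value): string {
    return '<input type="text" name="custom_field_' . (int) $field['id'] . '"'
        . ' pattern="' . $field['valid_regexp'] . '"'
        . ' value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// After: the regex is escaped for the HTML attribute context on output.
function render_textbox_escaped(array $field, string $value): string {
    return '<input type="text" name="custom_field_' . (int) $field['id'] . '"'
        . ' pattern="' . htmlspecialchars($field['valid_regexp'], ENT_QUOTES, 'UTF-8') . '"'
        . ' value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Run the markup through an HTML parser and report what came out: how many
// elements were created, and the pattern the first <input> ended up with.
function inspect_markup(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>',
        LIBXML_NOERROR | LIBXML_NOWARNING);
    $body  = $doc->getElementsByTagName('body')->item(0);
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'elements' => $body->getElementsByTagName('*')->length,
        'pattern'  => $input->getAttribute('pattern'),
    ];
}

// Constructed sample definitions (not taken from the issue report).
$samples = [
    'plain regex'        => '^[a-z]+$',
    'regex with a quote' => '^"[^"]*"$',
    'markup in regex'    => '^x$"><b>injected</b><input x="',
];

foreach ($samples as $label => $regex) {
    $field = ['id' => 7, 'valid_regexp' => $regex];
    foreach (['render_textbox_unescaped', 'render_textbox_escaped'] as $render) {
        $r = inspect_markup($render($field, 'abc'));
        printf("%-20s %-26s elements=%d pattern_intact=%s\n", $label, $render,
            $r['elements'], $r['pattern'] === $regex ? 'yes' : 'no');
    }
}
```

The middle sample shows that escaping on output is also a correctness fix: a legitimate regex containing a double quote only reaches the browser intact when it is escaped.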