MantisBT: master-2.24 8c6f4d88

Author: dregad
Committer: dregad
Branch: master-2.24
Timestamp: 2020-09-23 12:36:32
Parent: master-2.24 26bbae76
Affected Issues: 0027304: CVE-2020-25830: HTML Injection in bug_actiongroup_page.php
Changeset

Fix XSS in bug_actiongroup_page.php

Improper escaping of the custom field's name allowed an attacker to
inject HTML into the page.

Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for the finding.

Fixes 0027304

mod - bug_actiongroup_page.php