Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improper escaping of the custom field's name allowed an attacker to inject HTML into the page. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for the finding. Fixes #27304
- Loading branch information