Commit
Fix #11933: XSS via project_id_filter_target (filter advanced view)
A project name containing malicious scripting code could be printed out to the browser directly without sanitisation in the filter advanced view when selecting projects to filter by. Note that to exploit this bug, a user must have access to create/modify projects on a MantisBT installation. Normally these users are trusted (or are the system administrators of the MantisBT installation) so this attack vector is subsequently limited in severity.
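The class of bug the commit message describes, shown as an added example that is not part of the commit or of MantisBT's code: a project selector rendered with the stored name concatenated as-is, next to a version that encodes the name at the point of output. The function names, the `project_filter` field name and the sample rows are hypothetical, and PHP's built-in `htmlspecialchars()` stands in for whatever escaping helper the real fix uses.

```php
<?php
// Constructed sample rows. The second name carries markup and stands in for a
// project name saved by a user who is allowed to create or modify projects.
$projects = [
    ['id' => 1, 'name' => 'Website'],
    ['id' => 2, 'name' => 'Ops</option></select><script>alert(1)</script>'],
    ['id' => 3, 'name' => 'R&D "internal"'],
];

// Before: the stored name goes into the markup unchanged, so any tags in it
// become part of the page served to everyone who opens the filter view.
function render_project_filter_unsafe(array $projects): string {
    $html = '<select name="project_filter[]" multiple="multiple">';
    foreach ($projects as $p) {
        $html .= '<option value="' . $p['id'] . '">' . $p['name'] . '</option>';
    }
    return $html . '</select>';
}

// Output encoding for HTML text and quoted attribute values.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: encode when writing the value out, not when storing it, so the
// database keeps the original name and every output path must escape it.
function render_project_filter_safe(array $projects): string {
    $html = '<select name="project_filter[]" multiple="multiple">';
    foreach ($projects as $p) {
        $html .= '<option value="' . (int) $p['id'] . '">' . h($p['name']) . '</option>';
    }
    return $html . '</select>';
}

// Regression check: the hardened renderer must emit no raw tag from a name,
// must keep exactly one <select>, and must still display legitimate
// characters such as & and " in their encoded form.
$unsafe = render_project_filter_unsafe($projects);
$safe   = render_project_filter_safe($projects);

if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('sample data no longer reproduces the unescaped output');
}
if (strpos($safe, '<script>') !== false || substr_count($safe, '</select>') !== 1) {
    throw new RuntimeException('project name reached the page unescaped');
}
if (strpos($safe, 'R&amp;D &quot;internal&quot;') === false) {
    throw new RuntimeException('legitimate characters were not encoded as expected');
}
echo $safe, PHP_EOL;
```

A check of this shape can be kept as a regression test for any view that prints project names, since the same stored value is typically rendered in more than one place.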