Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped. Ported from 1.3.x commit c9e5b1d. Fixes #22579
- Loading branch information