Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix #12232: Multiple XSS issues with custom field enumeration values
MantisBT administrators (who can configure custom fields) can place malicious Javascript within the options they define for custom field enumeration/checkbox/radio/etc field types. These HTML-unsafe options are then printed to users throughout MantisBT (report, update, view, etc) without sanitisation. This is low risk due to the need to be a MantisBT administrator to configure custom field values. Rather than being a pure security risk, this is more a case of allowing all characters to be used safely within custom field options.
- Loading branch information
1 parent
f60d0cf
commit 243ff6f
Showing
1 changed file
with
9 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters