Commit
Fix #12231: XSS vulnerability when uninstalling badly named plugins
John Reese discovered an XSS vulnerability with the uninstall confirmation message shown when plugins are being uninstalled. The plugin name is not escaped before being outputted and thus HTML unsafe characters are not sanitised.

This doesn't actually pose a security risk because it requires someone to:

a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation
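An added illustration of the bug class the commit message describes, not MantisBT's own code: the function names, the message template and the plugin name are constructed for the example, and PHP's built-in htmlspecialchars() stands in for whatever escaping helper the actual fix uses.

```php
<?php
// Added example; not MantisBT source. Function names and the message
// template below are hypothetical.

// Constructed confirmation template with one placeholder for the plugin name.
const UNINSTALL_CONFIRM = 'Are you sure you want to uninstall the %s plugin?';

// Before: the plugin name is placed into the HTML response as-is, so any
// markup in the name becomes part of the page.
function confirm_message_unescaped(string $plugin_name): string {
    return '<p>' . sprintf(UNINSTALL_CONFIRM, $plugin_name) . '</p>';
}

// After: the name is encoded for an HTML text context at the point of output.
// ENT_QUOTES also encodes ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of making the whole result an empty string.
function confirm_message_escaped(string $plugin_name): string {
    $safe = htmlspecialchars($plugin_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . sprintf(UNINSTALL_CONFIRM, $safe) . '</p>';
}

// Constructed plugin name containing HTML-unsafe characters.
$name = 'Demo "<b>Plugin</b>"';

$before = confirm_message_unescaped($name);
$after  = confirm_message_escaped($name);

echo $before, "\n";
echo $after, "\n";

// Regression check: the unescaped form carries the tag through, the escaped
// form must not contain it or a raw double quote from the name.
if (strpos($before, '<b>') === false) {
    throw new RuntimeException('expected raw markup in the unescaped message');
}
if (strpos($after, '<b>') !== false || strpos($after, '"') !== false) {
    throw new RuntimeException('plugin name reached the page unescaped');
}
```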