Fix XSS on filter edit page (CVE-2018-14504)
Teun Beijers reported a cross-site scripting (XSS) vulnerability in the Edit Filter page which allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name.

Prevent the attack by sanitizing the filter name before display.

Fixes #24608