Fix XSS on timeline (CVE-2019-15074)
Kamran Saifullah reported a stored cross-site scripting (XSS)
vulnerability in Timeline, allowing execution of arbitrary code (if CSP
settings permit it) after uploading an attachment with a crafted
filename. The code is executed for any user having visibility to the
issue, whenever My View Page is displayed.

Prevent the attack by sanitizing the filename before display.

Fixes #25995
dregad committed Aug 15, 2019
1 parent a613613 commit 9cee197
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/classes/IssueAttachmentTimelineEvent.class.php
@@ -73,7 +73,7 @@ public function html() {
. sprintf( lang_get( $t_string ),
prepare_user_name( $this->user_id ),
$t_bug_link,
$this->filename
string_html_specialchars( $this->filename )
)
. '</div>';
$t_html .= $this->html_end();
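Review bot: the escaping is applied at this single sink only, so the fix holds for the timeline event but does not cover any other place where the same attachment filename is interpolated into HTML; please confirm those are already escaped or covered separately, since the crafted filename is stored as-is and the commit message says the attack is prevented "before display" rather than at upload. Wrapping `$this->filename` in `string_html_specialchars()` is the right context-specific choice here because the other two placeholders (`prepare_user_name( $this->user_id )` and `$t_bug_link`) already supply markup and must not be escaped again. A regression test that creates an attachment whose name contains `<` and `"` and asserts that `html()` returns the entity-encoded form would keep this sink from silently regressing.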
