Commit
Fix XSS in move_attachments_page.php
Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Move Attachments admin page, allowing an attacker to inject arbitrary code through a crafted 'type' parameter.

Sanitize the 'type' parameter prior to output, to ensure HTML special characters are properly escaped.

Fixes #22568

Backported from 2.2.x ecef0e9

Conflicts:
admin/move_attachments_page.php