MantisBT: master-2.25 262ecdde
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-2.25 | 2022-06-13 06:09 | master-2.25 0d1d7b65 |
Affected Issues | 0030384: CVE-2022-33910: Stored XSS via SVG file upload | |||
Changeset | Prevent script execution when viewing SVG files A cross-site scripting vulnerability allows remote attackers to attach This fixes the issue by forcing download as attachment for files of Devendra Bhatla and Febin Mon Saji <febinrev811@gmail.com> both and Fixes 0030384, CVE-2022-33910 |
|||
mod - file_download.php | Diff File |