- 🇧🇷Brazil fabiorubim740@outlook.com
fabiorubim740@outlook.com → made their first commit to this issue’s fork.
$status_report .= 'Check the error messages and <a href="' . request_uri() . '">try again</a>.';
The output of request_uri() cannot be used as is in HTML. It needs to be escaped.
Marking "critical" as it is a potential XSS bug, though quite hard to exploit.
Fixed
7.0 ⚰️
update system
This tag is to be applied to issues where an official security release has been made, but the fix needs to be ported to the development version of the code.
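The escaping problem reported in this issue, as an added example that is not code from the issue or from Drupal core: it builds the same link with and without HTML escaping and parses both results to show which elements end up in the page. The helper names (`example_request_uri`, `status_link_unescaped`, `status_link_escaped`, `element_names`) and the sample request URI are assumptions constructed for this illustration.

```php
<?php
// Hypothetical stand-in for Drupal's request_uri(): returns the raw path and
// query string exactly as received, with no HTML escaping applied.
function example_request_uri(array $server) {
  return isset($server['REQUEST_URI']) ? $server['REQUEST_URI'] : '/';
}

// The pattern from the issue: the raw URI is concatenated into an attribute.
function status_link_unescaped($uri) {
  return 'Check the error messages and <a href="' . $uri . '">try again</a>.';
}

// Hardened form: escape for an HTML attribute context before output.
// Drupal 7's check_plain() wraps this same htmlspecialchars() call.
function status_link_escaped($uri) {
  $safe = htmlspecialchars($uri, ENT_QUOTES, 'UTF-8');
  return 'Check the error messages and <a href="' . $safe . '">try again</a>.';
}

// Parse a fragment and list the elements the parser actually sees,
// ignoring the wrapper elements added for parsing.
function element_names($html) {
  libxml_use_internal_errors(true);
  $doc = new DOMDocument();
  $doc->loadHTML('<div>' . $html . '</div>');
  libxml_clear_errors();
  $names = array();
  foreach ($doc->getElementsByTagName('*') as $el) {
    $names[] = $el->nodeName;
  }
  return array_values(array_diff($names, array('html', 'body', 'div')));
}

// Constructed sample: a request URI carrying a quote and angle brackets.
$server = array('REQUEST_URI' => '/update.php?op="><b>injected</b>');
$uri = example_request_uri($server);

echo "unescaped markup: ", status_link_unescaped($uri), "\n";
echo "unescaped elements: ", implode(', ', element_names(status_link_unescaped($uri))), "\n";
echo "escaped markup:   ", status_link_escaped($uri), "\n";
echo "escaped elements:   ", implode(', ', element_names(status_link_escaped($uri))), "\n";
```

Any element other than `a` in the unescaped list came from the request URI rather than from the template, which is the condition the escaping removes.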
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.