Input passed as the filename for the uploaded file in bug_report.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious filename is viewed in view.php. Successful exploitation requires valid user credentials. Solution: Update to version 1.1.0. Reproducible: Always
maintainers - please provide an updated ebuild
*** Bug 204205 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 203791 ***