From 9618e470455e4993b4f3f37e8cbf2138ff3766d9 Mon Sep 17 00:00:00 2001
From: bdalsass
Date: Fri, 23 May 2025 10:16:22 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B08201=20-=20[CVE=5FRequest]=5FCross-Site-?= =?UTF-8?q?Script=20Reflected(XSS=20Reflected=20at=20the=20name=3D"attr=5F?= =?UTF-8?q?installed"=20(Low=20or=20Medium)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pages/UI.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pages/UI.php b/pages/UI.php
index 614e44016..732b23f26 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -1520,7 +1520,7 @@ catch (Exception $e) {
 $oErrorPage->add("

".Dict::S('UI:FatalErrorMessage')."

\n");
 }
 $sErrorDetails = ($e instanceof CoreException) ? $e->getHtmlDesc() : $e->getMessage();
- $oErrorPage->error(Dict::Format('UI:Error_Details', $sErrorDetails));
+ $oErrorPage->error(Dict::Format('UI:Error_Details', utils::EscapeHtml($sErrorDetails)));
 $oErrorPage->output();
 $sErrorStackTrace = ($e instanceof CoreException) ? $e->getFullStackTraceAsString() : $e->getTraceAsString();
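Review bot: The value escaped on the new `error()` line can still come from `$e->getHtmlDesc()`, chosen by the ternary one line above, and that method's name suggests it returns markup rather than plain text. If it does, `utils::EscapeHtml()` will now show that markup as literal text for every CoreException; if it does not, the ternary is misleading and could be reduced to `$sErrorDetails = $e->getMessage();`. Either way a comment on the new line would record the intent, for example `// exception text can echo request parameters, so escape it at the output sink`. The catch block starts before the hunk and continues past it, so whether `$sErrorStackTrace` also reaches HTML output cannot be judged from these lines and is worth checking against the same rule.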