Control: tags -1 + confirmed On Sat, 2022-03-19 at 10:18 +0300, Nicholas Guriev wrote: > Salvatore Bonaccorso on the Security Team suggested me to fix a > revealed > XSS vulnerability trough the upcoming point release. The issue has > got > the assigned number CVE-2021-46709. The proposed fix is a trivial > one- > liner patch casting $_POST['num'] to (int). > Please go ahead. Regards, Adam