Search Changesets

MantisBT: master-1.3.x 9e4db60a

2018-01-30 01:58

dregad


Details Diff
Fix XSS in adm_config_report.php (CVE-2018-6403)

Nguyen Tri Tuan reported this vulnerability, allowing an attacker to
inject arbitrary code through a crafted 'value' parameter.

Prevent the attack by sanitizing the variable before output.

Fixes 0023906, 0023918

Cherry-picked from c4afcb118472fef8d3a7f468b16d874f9d6cf871.
Affected Issues
0023906, 0023918
mod - adm_config_report.php Diff File