MantisBT: master-2.2 ecef0e9b

Author: dregad
Committer: dregad
Branch: master-2.2
Timestamp: 2017-03-24 12:02:07
Parent: master-2.2 c83fe546
Affected Issues: 0022568: CVE-2017-7241: XSS in move_attachments_page.php

Fix XSS in move_attachments_page.php

Yelin and Zhangdongsheng from VenusTech
reported a vulnerability in the Move Attachments admin page, allowing
an attacker to inject arbitrary code through a crafted 'type'

Sanitize the 'type' parameter prior to output, to ensure HTML special
characters are properly escaped.

Fixes 0022568

mod - admin/move_attachments_page.php
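
The escaping described in the commit message, as an added example (not MantisBT's code and not the content of this commit): a request value written into an HTML attribute without and with `htmlspecialchars()`, followed by an allowlist check as defence in depth. The function names, the hidden-field markup and the allowed values `bug` and `project` are assumptions made for illustration.

```php
<?php
// Added illustration; not MantisBT code. All names below are hypothetical.

// Assumed set of values the page accepts for 'type' (constructed for this example).
const ALLOWED_TYPES = ['bug', 'project'];

// 'Before' pattern: the request value reaches the markup unescaped,
// so a quote character in it ends the attribute early.
function render_unsafe(string $type): string {
    return '<input type="hidden" name="type" value="' . $type . '" />';
}

// Output encoding at the point of output: &, <, >, " and ' become entities,
// so the value stays inside the attribute whatever it contains.
function render_escaped(string $type): string {
    $safe = htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="type" value="' . $safe . '" />';
}

// Defence in depth: refuse anything outside the allowlist, then still escape.
function render_validated(string $type): string {
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('unexpected type value');
    }
    return render_escaped($type);
}

// Constructed sample inputs: one expected value, one carrying HTML metacharacters.
$samples = ['bug', 'bug"><b>x</b>'];

foreach ($samples as $s) {
    echo 'input:   ', $s, "\n";
    echo 'unsafe:  ', render_unsafe($s), "\n";
    echo 'escaped: ', render_escaped($s), "\n";
    try {
        echo 'checked: ', render_validated($s), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'checked: rejected (', $e->getMessage(), ")\n";
    }
    echo "\n";
}
```

For the second sample, the unsafe output contains a live `<b>` element outside the attribute, while the escaped output keeps the whole value inside `value="..."` as entities.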