MantisBT: master-1.3.x 17f9b94f

Author: dregad
Committer: dregad
Branch: master-1.3.x
Timestamp: 2017-08-01 07:00:04
Parent: master-1.3.x b78fd043
Affected Issues:
 0023146: CVE-2017-12061: XSS in /admin/install.php script
 0023175: CVE-2017-12061: XSS in /admin/install.php script

Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC ( reported this
vulnerability, allowing an attacker to inject arbitrary code through
crafted form variables.

Sanitizing the database error message prior to output prevents the

Fixes 0023146

Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5

mod - admin/install.php
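
The fix the commit message describes, encoding a database error message before it is written into the installer page, shown as an added PHP example (it is not the code from this commit or from MantisBT). The function names, the simulated driver error and the sample form values are constructed assumptions.

```php
<?php
// Added illustration, not MantisBT code; every name here is hypothetical.

// Constructed stand-in for a DB driver: the failure message repeats the
// database name that was submitted through the install form.
function try_connect(string $db_name): void {
    throw new RuntimeException("Unknown database '" . $db_name . "'");
}

// 'Before': the driver's message is concatenated into the page as-is.
function render_failure_unsafe(string $error): string {
    return '<td class="error">Database error: ' . $error . '</td>';
}

// 'After': the message is encoded for HTML at the point of output.
// Flags are passed explicitly because the default changed in PHP 8.1.
function render_failure_safe(string $error): string {
    $encoded = htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="error">Database error: ' . $encoded . '</td>';
}

// Constructed form values: one ordinary, one carrying markup.
$samples = ['bugtracker', '<script>alert(1)</script>'];

foreach ($samples as $db_name) {
    try {
        try_connect($db_name);
    } catch (RuntimeException $e) {
        $unsafe = render_failure_unsafe($e->getMessage());
        $safe   = render_failure_safe($e->getMessage());

        // Markup in the input reaches the page only through the unsafe renderer.
        $leaks_unsafe = strpos($unsafe, '<script>') !== false;
        $leaks_safe   = strpos($safe, '<script>') !== false;
        if ($leaks_safe) {
            throw new LogicException('encoded output still contains raw markup');
        }
        printf("%-28s unsafe_leaks=%s\n  %s\n", $db_name, $leaks_unsafe ? 'yes' : 'no', $safe);
    }
}
```

The encoding is applied where the string enters HTML rather than where the form value is read, so the same protection holds for any error text the driver produces.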