View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023918 | mantisbt | security | public | 2018-01-31 06:53 | 2018-02-06 21:17 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.0 | ||||
Target Version | 1.3.14 | Fixed in Version | 1.3.14 | ||
Summary | 0023918: CVE-2018-6403: XSS in adm_config_report.php 'value' parameter | ||||
Description | This is a clone of 0023906 for tracking in 1.3.x changelog | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.3.x 9e4db60a 2018-01-30 01:58 |
Fix XSS in adm_config_report.php (CVE-2018-6403) Nguyen Tri Tuan reported this vulnerability, allowing an attacker to inject arbitrary code through a crafted 'value' parameter. Prevent the attack by sanitizing the variable before output. Fixes 0023906, 0023918 Cherry-picked from c4afcb118472fef8d3a7f468b16d874f9d6cf871. |
Affected Issues 0023906, 0023918 |
mod - adm_config_report.php |