MantisBT: master-1.2.x 5068df2d
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-1.2.x | 2016-06-06 14:25 | master-1.2.x b8d5d85c |
Affected Issues | 0020956: CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php |
Changeset | Fix XSS in custom fields management |

Kacper Szurek (http://security.szurek.pl/) discovered an XSS

This commit fixes both attack vectors:

[1] http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html

Fixes 0020956

This is a backport from master 3f2779b4c6dc8d465fb73c08cfa1d806184d2e79.

mod - account_prefs_update.php
mod - manage_config_revert.php
mod - manage_custom_field_delete.php
mod - manage_custom_field_update.php
mod - print_all_bug_options_update.php
mod - set_project.php