MantisBT: master-2.2 c272c3f6

Author: dregad
Committer: dregad
Branch: master-2.2
Timestamp: 2017-03-07 01:34
Parent: master-2.2 f8b2510f
Affected Issues: 0022486: CVE-2017-6797: XSS in bug_change_status_page.php
Changeset

Fix XSS in bug_change_status_page.php

The value of the change_type parameter was not encoded before being
displayed as a hidden input.

This vulnerability was reported by Etienne Landais.

Fixes 0022486

mod - bug_change_status_page.php
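
The pattern the commit message describes, shown as an added PHP example that is not MantisBT's code and not part of this changeset. The function names, the input name and the sample value are constructed for illustration, and PHP's built-in htmlspecialchars() stands in for whatever encoding helper the project itself uses.

```php
<?php
// Added illustration, not MantisBT source. All function names are hypothetical.

// "Before" pattern: the request value is written into the attribute as-is.
function hidden_input_unencoded(string $name, string $value): string {
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// "After" pattern: the value is encoded for an HTML attribute context.
function hidden_input_encoded(string $name, string $value): string {
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="hidden" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '" />';
}

// Parse the markup and return the attributes found on the first <input>,
// i.e. what an HTML parser makes of the emitted string.
function parsed_attributes(string $html): array {
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed sample value: the double quote ends value="" early and the
// remainder is read as a separate attribute. The marker is harmless.
$change_type = 'resolve" data-injected="1';

$before = parsed_attributes(hidden_input_unencoded('change_type', $change_type));
$after  = parsed_attributes(hidden_input_encoded('change_type', $change_type));

// Did the request value escape the value attribute and add one of its own?
echo "unencoded, extra attribute present: ";
var_dump(array_key_exists('data-injected', $before));
echo "encoded, extra attribute present: ";
var_dump(array_key_exists('data-injected', $after));

// Does the encoded form still hand the parser the exact original string?
echo "encoded, value round-trips: ";
var_dump($after['value'] === $change_type);
```

The same parse-and-compare check works as a regression test for any template that echoes a request parameter into an attribute.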