MantisBT: master 0002d106

Author Committer Branch Timestamp Parent
atrol atrol master 2013-10-19 10:36 master b8b4134d
Affected Issues  0016513: CVE-2013-4460: XSS in account_sponsor_page.php project names
Changeset

Fix 0016513: XSS in account_sponsor_page.php project names

account_sponsor_page.php.php does not correctly sanitise project
names. It is thus possible for a malicious user with project
manager access permissions (or higher) to let users execute
malicious JavaScript when visiting account_sponsor_page.php.

mod - account_sponsor_page.php Diff File