MantisBT: master-1.2.x 9fb8cf36
|dregad||dregad||master-1.2.x||2014-11-28 14:51||master-1.2.x 05378e00|
|Affected Issues||0017874: CVE-2014-9271: Persistent XSS in file uploads/attachments|
Fix 0017874: XSS in file uploads
An attacker can upload a Flash file with an image extension. If such an
This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me)
Patch with contribution from Victor Boctor.
|mod - file_download.php|
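
The commit message describes a Flash file uploaded under an image extension. The PHP sketch below is an added illustration, not the code of this commit or of MantisBT: it shows one download-side check for that mismatch, comparing the file's leading bytes with the type its extension claims and serving anything that disagrees as an opaque attachment. The names `sniff_type` and `download_headers` are hypothetical, and the sample bytes are constructed.

```php
<?php
// Added example; not MantisBT code. All function names are hypothetical.

// Leading-byte signatures for the types this sketch recognises.
const SIGNATURES = [
    'image/png'  => ["\x89PNG\r\n\x1a\n"],
    'image/jpeg' => ["\xFF\xD8\xFF"],
    'image/gif'  => ['GIF87a', 'GIF89a'],
    // SWF: uncompressed, zlib-compressed, LZMA-compressed
    'application/x-shockwave-flash' => ['FWS', 'CWS', 'ZWS'],
];
const EXT_TO_MIME = ['png' => 'image/png', 'jpg' => 'image/jpeg',
                     'jpeg' => 'image/jpeg', 'gif' => 'image/gif'];

/** Return the MIME type implied by the first bytes, or null if unknown. */
function sniff_type(string $head): ?string {
    foreach (SIGNATURES as $mime => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($head, $magic, strlen($magic)) === 0) {
                return $mime;
            }
        }
    }
    return null;
}

/** Choose response headers for a stored attachment from name and content. */
function download_headers(string $filename, string $head): array {
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $claimed = EXT_TO_MIME[$ext] ?? null;
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filename));
    $headers = ['X-Content-Type-Options: nosniff'];
    if ($claimed !== null && sniff_type($head) === $claimed) {
        // Extension and content agree on an image type: inline is acceptable.
        $headers[] = "Content-Type: $claimed";
        $headers[] = "Content-Disposition: inline; filename=\"$safe\"";
    } else {
        // Mismatch or unknown content: never let the browser render it.
        $headers[] = 'Content-Type: application/octet-stream';
        $headers[] = "Content-Disposition: attachment; filename=\"$safe\"";
    }
    return $headers;
}

// Constructed samples: a PNG header, and SWF bytes named like an image.
foreach ([['shot.png', "\x89PNG\r\n\x1a\n\0\0\0\rIHDR"],
          ['logo.jpg', "CWS\x0a\x40\x00\x00\x00"]] as [$name, $bytes]) {
    echo $name, "\n  ", implode("\n  ", download_headers($name, $bytes)), "\n";
}
```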