MantisBT: master 11ab3d6c
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master | 2016-05-27 01:39 | master ecd12610 |
Affected Issues | 0020956: CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php |
 | 0021090: CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php |
Changeset | Fix XSS in custom fields management
Kacper Szurek (http://security.szurek.pl/) discovered an XSS
This commit fixes both attack vectors:
[1] http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html
Fixes 0020956 |
mod - core/html_api.php |
mod - manage_custom_field_edit_page.php |