MantisBT: master-2.1 15e52e84
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-2.1 | 2017-03-17 06:09 | master-2.1 5efd115e |
Affected Issues | 0022537: CVE-2017-6973: XSS in adm_config_report.php | |||
Changeset | Fix XSS in adm_config_report.php's action parameter Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ Define a new set of constants (MANAGE_CONFIGACTION*) replacing the Sanitize the 'action' parameter to ensure it is only set to one of the Fixes 0022537 |
|||
mod - adm_config_report.php | Diff File | |||
mod - adm_config_set.php | Diff File | |||
mod - core/constant_inc.php | Diff File |