MantisBT: master-2.1 0243375e

Author Committer Branch Timestamp Parent
dregad dregad master-2.1 2017-03-25 10:23:51 master-2.1 2d55c647
Affected Issues  0022579: CVE-2017-7309: XSS in adm_config_report.php

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae.

Fixes 0022579

mod - adm_config_report.php Diff File