MantisBT: master-2.5 9b5b71da

Author Committer Branch Timestamp Parent
atrol dregad master-2.5 2017-07-27 17:14:00 master-2.5 063cce61
Affected Issues  0023166: CVE-2017-12062: XSS in manage_user_page.php
Changeset

Fix XSS in manage_user_page.php (CVE-2017-12062)

trichimtrich (https://twitter.com/trichimtrich) reported this
vulnerability, allowing an attacker to inject arbitrary code through a
crafted 'filter' form variable.

Prevent the attack by sanitizing the variable before output.

Fixes 0023166

Signed-off-by: Damien Regad <dregad@mantisbt.org>

mod - manage_user_page.php Diff File