MantisBT: master-1.3.x 9e4db60a

Author: dregad
Committer: dregad
Branch: master-1.3.x
Timestamp: 2018-01-30 01:58
Parent: master-1.3.x 891fc756
Affected Issues:
 0023906: CVE-2018-6403: XSS in adm_config_report.php 'value' parameter
 0023918: CVE-2018-6403: XSS in adm_config_report.php 'value' parameter
Changeset

Fix XSS in adm_config_report.php (CVE-2018-6403)

Nguyen Tri Tuan reported this vulnerability, allowing an attacker to
inject arbitrary code through a crafted 'value' parameter.

Prevent the attack by sanitizing the variable before output.

Fixes 0023906, 0023918

Cherry-picked from c4afcb118472fef8d3a7f468b16d874f9d6cf871.

mod - adm_config_report.php