View Issue Details

ID: 0019274
Project: mantisbt
Category: security
View Status: public
Last Update: 2015-03-15 19:58
Reporter: dregad
Assigned To: dregad
Priority: normal
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.3.0-beta.1
Target Version: 1.3.0-beta.2
Fixed in Version: 1.3.0-beta.2
Summary: 0019274: CVE-2014-9571: XSS in install.php
Description

This is a clone of 0017938 to track the vulnerability in the 1.3.x branch.

Additional Information

Advisory ID: HTB23243
Reference: https://www.htbridge.com/advisory/HTB23243

Original report in 0017937

Tags: No tags attached.

Relationships

duplicate of 0017938 (closed, dregad): CVE-2014-9571: XSS in install.php

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master 132cd6d0

2014-12-27 07:47

dregad


Fix XSS in install.php

This vulnerability (CVE-2014-9571) was reported by High-Tech Bridge
Security Research Lab (https://www.htbridge.com/) in issue 0017937
(advisory ID HTB23243).

The parameters are now properly sanitized before being displayed.

Fixes 0017938
Affected Issues
0017937, 0017938, 0019274
mod - admin/install.php