MantisBT: master-1.3.x 17f9b94f 2017-08-01 03:00
Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC (https://twitter.com/IamSecurity) reported this vulnerability, allowing an attacker to inject arbitrary code through crafted forms variables.

Sanitizing the database error message prior to output prevents the attack.

Fixes 0023146

Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5
Affected Issues: 0023146, 0023175
mod - admin/install.php