MantisBT: master-1.3.x a2d90eca

Author: dregad
Committer: dregad
Branch: master-1.3.x
Timestamp: 2017-03-07 01:34
Parent: master-1.3.x 23da4e0c
Affected Issues: 0022486: CVE-2017-6797: XSS in bug_change_status_page.php
Changeset

Fix XSS in bug_change_status_page.php

The value of the change_type parameter was not encoded before being
displayed as a hidden input.

This vulnerability was reported by Etienne Landais.

Fixes 0022486

mod - bug_change_status_page.php