MantisBT: master-2.1 55b5b4f3

Author: dregad
Committer: dregad
Branch: master-2.1
Timestamp: 2017-03-07 01:34
Parent: master-2.1 4d317bf6
Affected Issues: 0022486: CVE-2017-6797: XSS in bug_change_status_page.php
Changeset

Fix XSS in bug_change_status_page.php

The value of the change_type parameter was not encoded before being
displayed as a hidden input.

This vulnerability was reported by Etienne Landais.

Fixes 0022486

mod - bug_change_status_page.php
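
The pattern the commit message describes, as an added PHP example that is not MantisBT code: a request value written into a hidden input's value attribute, with and without attribute encoding. The function names and the sample value are constructed for illustration, and htmlspecialchars() is an assumption standing in for whatever encoding helper the actual fix uses.

```php
<?php
// Added illustration; not MantisBT source. All function names are hypothetical.

// Pattern described in the commit message: the value is copied into the
// attribute without encoding, so a double quote ends the attribute early.
function hidden_input_unsafe(string $name, string $value): string {
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// Hardened pattern: encode for an HTML attribute context. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function hidden_input_safe(string $name, string $value): string {
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="' . $enc($name) . '" value="' . $enc($value) . '" />';
}

// Parse a fragment and count the elements the HTML parser actually sees.
// A single hidden field must yield exactly one element; any more means the
// value escaped its attribute and became markup.
function count_elements(string $fragment): int {
    libxml_use_internal_errors(true);            // tolerate fragment-level warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $fragment . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('*')->length - 2; // exclude <html>, <body>
}

// Constructed sample value with harmless markup, used only to make the
// attribute break-out visible.
$change_type = '"><b>injected</b>';

$unsafe = hidden_input_unsafe('change_type', $change_type);
$safe   = hidden_input_safe('change_type', $change_type);

echo "unsafe: $unsafe\n";
echo "  elements parsed: " . count_elements($unsafe) . "\n";
echo "safe:   $safe\n";
echo "  elements parsed: " . count_elements($safe) . "\n";
```

The element count doubles as a regression check: a template that emits one hidden field should still parse to one element when the field value contains quotes and angle brackets.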