MantisBT: master-2.2 e881dd79

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.2 2017-03-25 06:23 master-2.2 ecef0e9b
Affected Issues  0022579: CVE-2017-7309: XSS in adm_config_report.php
Changeset

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'
parameter.

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae.

Fixes 0022579
mod - adm_config_report.php Diff File