Source Control Integration

Author	Committer	Branch	Timestamp	Parent
dregad	dregad	master-1.3.x	2017-08-01 03:00	master-1.3.x b78fd043
Affected Issues	0023146: CVE-2017-12061: XSS in /admin/install.php script
Affected Issues	0023175: CVE-2017-12061: XSS in /admin/install.php script
Changeset	Fix XSS in install.php (CVE-2017-12061) aLLy from ONSEC (https://twitter.com/IamSecurity) reported this vulnerability, allowing an attacker to inject arbitrary code through crafted forms variables. Sanitizing the database error message prior to output prevents the attack. Fixes 0023146 Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5
Changeset	mod - admin/install.php			Diff File