MantisBT: master-2.15 8b5fa243
2018-07-13 09:18:46Details Diff
|Fix XSS on filter edit page (CVE-2018-14504)
Teun Beijers reported a cross-site scripting (XSS) vulnerability in
the Edit Filter page which allows execution of arbitrary code
(if CSP settings permit it) when displaying a filter with a crafted
Prevent the attack by sanitizing the filter name before display.
|mod - manage_filter_edit_page.php||Diff File|