MantisBT: master-2.15 8b5fa243

2018-07-13 09:18:46

atrol

Fix XSS on filter edit page (CVE-2018-14504)

Teun Beijers reported a cross-site scripting (XSS) vulnerability in
the Edit Filter page which allows execution of arbitrary code
(if CSP settings permit it) when displaying a filter with a crafted
name.

Prevent the attack by sanitizing the filter name before display.

Fixes 0024608
Affected Issues
0024608
mod - manage_filter_edit_page.php