MantisBT: master-1.2.x a374a7c9

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2010-08-04 09:17
Parent: master-1.2.x 49070ba0
Affected Issues  0012230: CVE-2010-2574: XSS vulnerability when deleting maliciously named categories
Changeset

Fix 0012230: XSS vulnerability when deleting maliciously named categories

As reported by Secunia, SA40832, there is an XSS vulnerability when
deleting project categories that have been maliciously named. The chance
of attack is low due to requiring project manager access to create
malicious project categories in the first place.

Thanks to John Reese for debugging this issue.

mod - manage_proj_cat_delete.php