MantisBT: master-1.2.x c61dc631

Author: dregad
Committer: dregad
Branch: master-1.2.x
Timestamp: 2013-01-23 12:28:39
Parent: master-1.2.x e61e63ca
Affected Issues: 0015415: CVE-2013-1932: XSS vulnerability on Configuration Report page
Changeset

Fix 0015415: XSS vulnerability on Configuration Report page

A project name containing JavaScript code results in execution of said
code when displaying the filter's project list.

Note that despite using the same function to display the option list,
the vulnerability does not exist for usernames (due to input
restrictions in place when creating/updating user accounts) or config
names (which must exist in config_default_inc.php and must be valid PHP
identifiers).

mod - adm_config_report.php
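
The class of bug described in the commit message, as an added PHP example that is not MantisBT's code and not the contents of this changeset: a stored name written into an `<option>` element without encoding, next to the same renderer with output encoding. The function names and the sample project list are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not MantisBT functions.

// Vulnerable form: stored values are written into the markup as-is.
function render_options_unescaped(array $options): string
{
    $html = '';
    foreach ($options as $value => $label) {
        $html .= "<option value=\"$value\">$label</option>\n";
    }
    return $html;
}

// Hardened form: every value is HTML-encoded at output time, so the result
// does not depend on what input validation ran when the record was created.
function render_options_escaped(array $options): string
{
    $html = '';
    foreach ($options as $value => $label) {
        $html .= sprintf(
            "<option value=\"%s\">%s</option>\n",
            htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $label, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed sample data: project id => project name as stored.
$projects = [
    1 => 'Website',
    2 => '<script>alert(1)</script>',
    3 => 'R&D "internal"',
];

echo "--- unescaped ---\n", render_options_unescaped($projects);
echo "--- escaped ---\n", render_options_escaped($projects);

// Regression check: no stored name may produce a live <script> tag.
if (stripos(render_options_escaped($projects), '<script') !== false) {
    throw new RuntimeException('option list is not HTML-encoded');
}
```

In the escaped output the second project renders as the literal text `&lt;script&gt;alert(1)&lt;/script&gt;`, and the quotes and ampersand in the third name are encoded as well.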