MantisBT: master-1.2.x ad929d48

Author: atrol
Committer: dregad
Branch: master-1.2.x
Timestamp: 2013-10-19 14:36:16
Parent: master-1.2.x faaa3eda
Affected Issues  0016513: CVE-2013-4460: XSS in account_sponsor_page.php project names
Changeset

Fix 0016513: XSS in account_sponsor_page.php project names

account_sponsor_page.php does not correctly sanitise project
names. It is thus possible for a malicious user with project
manager access permissions (or higher) to let users execute
malicious JavaScript when visiting account_sponsor_page.php.

mod - account_sponsor_page.php Diff File
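
The class of bug described in the commit message, as an added example that is not MantisBT's code and not the code from this changeset: a name stored by a privileged user is written into a page that other users load, first without encoding and then encoded at the point of output. The row fields and function names are hypothetical, and the sample rows are constructed.

```php
<?php
// Added illustration; not MantisBT code. All names here are hypothetical.

// Constructed sample rows: project names exactly as a manager typed them.
$rows = [
    ['project' => 'Website redesign', 'issue' => 101, 'amount' => 50],
    ['project' => 'Ops <script>alert(1)</script>', 'issue' => 102, 'amount' => 20],
    ['project' => 'R&D "alpha"', 'issue' => 103, 'amount' => 75],
];

// Encode at the point of output, for HTML text and attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored name is concatenated into the markup unchanged.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['project'] . '</td><td>' . (int) $row['issue']
        . '</td><td>' . (int) $row['amount'] . "</td></tr>\n";
}

// After: every string that came from storage is encoded on output,
// regardless of the privilege level of the user who entered it.
function render_row_safe(array $row): string
{
    return '<tr><td>' . h($row['project']) . '</td><td>' . (int) $row['issue']
        . '</td><td>' . (int) $row['amount'] . "</td></tr>\n";
}

// Regression check: the first cell must carry no raw HTML metacharacters.
function first_cell_is_encoded(string $html): bool
{
    $cell = preg_replace('#^<tr><td>(.*?)</td>.*$#s', '$1', $html);
    return strpbrk($cell, '<>"\'') === false;
}

foreach ($rows as $row) {
    printf("%-32s unsafe=%-7s safe=%s\n",
        $row['project'],
        first_cell_is_encoded(render_row_unsafe($row)) ? 'encoded' : 'raw',
        first_cell_is_encoded(render_row_safe($row)) ? 'encoded' : 'raw');
}
```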