MantisBT: master-1.3.x 7086c2d8

Author Committer Branch Timestamp Parent
dregad dregad master-1.3.x 2016-08-16 17:22:40 master-1.3.x b66af6d2
Affected Issues  0021611: CVE-2016-6837: XSS vulnerability in view_all_bug_page.php

Fix XSS in view_all_bug_page.php

The value of the view_type parameter on the view_all_bug_page.php page
was not encoded before being displayed.

This vulnerability was discovered by Will Dollman of Netcraft Ltd.

Initial patch modified to use strict comparison per Will's suggestion.

Fixes 0021611

mod - core/filter_api.php Diff File