MantisBT: master-1.3.x c9e5b1d0

Author Committer Branch Timestamp Parent
dregad dregad master-1.3.x 2017-03-25 10:23:51 master-1.3.x d31841c8
Affected Issues  0022579: CVE-2017-7309: XSS in adm_config_report.php
Changeset

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'
parameter.

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Fixes 0022579

mod - adm_config_report.php Diff File