MantisBT: master-2.15 8b5fa243

Author: atrol
Committer: atrol
Branch: master-2.15
Timestamp: 2018-07-13 09:18:46
Parent: master-2.15 4efac90e
Affected Issues: 0024608: CVE-2018-14504: XSS in edit filters page
Changeset

Fix XSS on filter edit page (CVE-2018-14504)

Teun Beijers reported a cross-site scripting (XSS) vulnerability in
the Edit Filter page which allows execution of arbitrary code
(if CSP settings permit it) when displaying a filter with a crafted
name.

Prevent the attack by sanitizing the filter name before display.

Fixes 0024608

mod - manage_filter_edit_page.php