View Issue Details

ID: 0023918
Project: mantisbt
Category: security
View Status: public
Last Update: 2018-02-06 21:17
Reporter: dregad
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.3.0
Target Version: 1.3.14
Fixed in Version: 1.3.14
Summary: 0023918: CVE-2018-6403: XSS in adm_config_report.php 'value' parameter

Description

This is a clone of 0023906 for tracking in 1.3.x changelog

Tags: No tags attached.

Relationships

duplicate of 0023906 (closed, dregad): CVE-2018-6403: XSS in adm_config_report.php 'value' parameter

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.3.x 9e4db60a

2018-01-30 06:58:29

dregad

Fix XSS in adm_config_report.php (CVE-2018-6403)

Nguyen Tri Tuan reported this vulnerability, allowing an attacker to
inject arbitrary code through a crafted 'value' parameter.

Prevent the attack by sanitizing the variable before output.

Fixes 0023906, 0023918

Cherry-picked from c4afcb118472fef8d3a7f468b16d874f9d6cf871.

Affected Issues: 0023906, 0023918
mod - adm_config_report.php

Issue History

Date Modified Username Field Change
2018-01-31 06:53 dregad New Issue
2018-01-31 06:53 dregad Status new => assigned
2018-01-31 06:53 dregad Assigned To => dregad
2018-01-31 06:53 dregad Issue generated from: 0023906
2018-01-31 06:53 dregad Relationship added duplicate of 0023906
2018-01-31 06:54 dregad Changeset attached => MantisBT master-1.3.x 9e4db60a
2018-01-31 06:54 dregad Status assigned => resolved
2018-01-31 06:54 dregad Resolution open => fixed
2018-01-31 06:54 dregad Fixed in Version => 1.3.14
2018-01-31 06:57 dregad View Status private => public
2018-02-06 21:17 vboctor Status resolved => closed