View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0023918 | mantisbt | security | public | 2018-01-31 06:53 | 2018-02-06 21:17 |
| Reporter | dregad | Assigned To | dregad | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.3.0 | ||||
| Target Version | 1.3.14 | Fixed in Version | 1.3.14 | ||
| Summary | 0023918: CVE-2018-6403: XSS in adm_config_report.php 'value' parameter | ||||
| Description | This is a clone of 0023906 for tracking in 1.3.x changelog | ||||
| Tags | No tags attached. | ||||
|
MantisBT: master-1.3.x 9e4db60a 2018-01-30 01:58 Details Diff |
Fix XSS in adm_config_report.php (CVE-2018-6403) Nguyen Tri Tuan reported this vulnerability, allowing an attacker to inject arbitrary code through a crafted 'value' parameter. Prevent the attack by sanitizing the variable before output. Fixes 0023906, 0023918 Cherry-picked from c4afcb118472fef8d3a7f468b16d874f9d6cf871. |
Affected Issues 0023906, 0023918 |
|
| mod - adm_config_report.php | Diff File | ||
