View Issue Details

IDProjectCategoryView StatusLast Update
0023918mantisbtsecuritypublic2018-02-06 21:17
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.3.0 
Target Version1.3.14Fixed in Version1.3.14 
Summary0023918: CVE-2018-6403: XSS in adm_config_report.php 'value' parameter
Description

This is a clone of 0023906 for tracking in 1.3.x changelog

TagsNo tags attached.

Relationships

duplicate of 0023906 closeddregad CVE-2018-6403: XSS in adm_config_report.php 'value' parameter 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.3.x 9e4db60a

2018-01-30 01:58

dregad


Details Diff
Fix XSS in adm_config_report.php (CVE-2018-6403)

Nguyen Tri Tuan reported this vulnerability, allowing an attacker to
inject arbitrary code through a crafted 'value' parameter.

Prevent the attack by sanitizing the variable before output.

Fixes 0023906, 0023918

Cherry-picked from c4afcb118472fef8d3a7f468b16d874f9d6cf871.
Affected Issues
0023906, 0023918
mod - adm_config_report.php Diff File