Fix XSS in filter_form_draw_inputs() (CVE-2018-13055)
Ömer Çıtak, Security Researcher at Netsparker, reported this vulnerability, allowing remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO on view_filters_page.php.

Prevent the attack by sanitizing the output of $_SERVER['PHP_SELF'] before display.

Fixes #24580
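
The class of fix the commit message describes, as an added example that is not part of the commit and not MantisBT code: a form action built from `$_SERVER['PHP_SELF']` raw, then escaped for the HTML attribute context. The function names, the `$server` array and the injected marker are constructed for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not the project's own functions.

// Before: PHP_SELF is written into the page unescaped. PHP derives PHP_SELF
// from the script path plus any trailing PATH_INFO, so everything after
// "view_filters_page.php" in the URL is attacker-influenced.
function form_open_unescaped(array $server): string {
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// After: encode for an HTML attribute before display. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function form_open_escaped(array $server): string {
    $action = htmlspecialchars($server['PHP_SELF'],
        ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Alternative hardening: SCRIPT_NAME normally excludes PATH_INFO, so the
// request-controlled suffix is never reflected (still escaped on output).
function form_open_script_name(array $server): string {
    $action = htmlspecialchars($server['SCRIPT_NAME'],
        ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// True if the rendered tag still contains the raw attribute breakout.
function breaks_out_of_attribute(string $html): bool {
    return strpos($html, '"><b id="injected">') !== false;
}

// Constructed request values: a benign marker stands in for injected markup.
$server = [
    'SCRIPT_NAME' => '/view_filters_page.php',
    'PHP_SELF'    => '/view_filters_page.php/"><b id="injected">',
];

foreach (['form_open_unescaped', 'form_open_escaped', 'form_open_script_name'] as $fn) {
    $html = $fn($server);
    printf("%-22s breakout=%s\n  %s\n", $fn,
        breaks_out_of_attribute($html) ? 'yes' : 'no', $html);
}
```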