Fix XSS in manage_user_page.php (CVE-2017-12062)
trichimtrich (https://twitter.com/trichimtrich) reported this vulnerability, allowing an attacker to inject arbitrary code through a crafted 'filter' form variable.

Prevent the attack by sanitizing the variable before output.

Fixes #23166

Signed-off-by: Damien Regad <dregad@mantisbt.org>