View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023175 | mantisbt | security | public | 2017-08-01 08:04 | 2017-09-03 18:41 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.11 | ||||
Target Version | 1.3.12 | Fixed in Version | 1.3.12 | ||
Summary | 0023175: CVE-2017-12061: XSS in /admin/install.php script | ||||
Description | This is a clone of 0023146 to track the fix in 1.3.x branch. | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.3.x 17f9b94f 2017-08-01 03:00

Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC (https://twitter.com/IamSecurity) reported this vulnerability, allowing an attacker to inject arbitrary code through crafted form variables.

Sanitizing the database error message prior to output prevents the attack.

Fixes 0023146

Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5

Affected Issues: 0023146, 0023175

mod - admin/install.php