Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix #15373: match_type XSS vulnerability
Jakub Galczyk discovered[1] a cross site scripting (XSS) vulnerability in MantisBT 1.2.12 and earlier versions that allows a malicious person to trick the browser of a target user into executing arbitrary JavaScript via the URL: search.php?match_type="><script... This vulnerability is particularly wide reaching due to search.php being usable by anonymous users on public facing installations of MantisBT (no user account required). The value of the "match_type" filter parameter is now correctly sanitised prior to use in the HTML output displaying the current filter settings. [1] http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html
- Loading branch information