mantis -- multiple vulnerabilities
Teun Beijers reported a cross-site scripting (XSS) vulnerability in
the Edit Filter page which allows execution of arbitrary code
(if CSP settings permit it) when displaying a filter with a crafted
name. Prevent the attack by sanitizing the filter name before display.
Ömer Cıtak, Security Researcher at Netsparker, reported this
vulnerability, allowing remote attackers to inject arbitrary code
(if CSP settings permit it) through a crafted PATH_INFO on
view_filters_page.php. Prevent the attack by sanitizing the output
of $_SERVER['PHP_SELF'] before display.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright