CVE-2012-10002: More security fixes: · ahmyi/rivettracker@45a0f33
A vulnerability classified as problematic was found in ahmyi RivetTracker. It affects the function changeColor in the file css.php: manipulating the argument set_css leads to cross-site scripting. The attack can be launched remotely. The patch is named 45a0f33876d58cb7e4a0f17da149e58fc893b858, and applying it is recommended to fix this issue. The associated identifier of this vulnerability is VDB-217267.
More security fixes:
css.php
    Unfiltered $_POSTs everywhere!
    Prevent XSS in Create CSS form entry [http://forums.rivetcode.com/viewtopic.php?f=9&t=342&p=1144#p1144]
    Typo in create css file error message.
    Needed to connect to database for cleaning function.
edit_database.php
    One line changed: a simple htmlentities() will take care of this for now.
sanity.php, sanity_no_output.php
    Changed obsolete code, no escape on queries.
statistics.php
    Filtered yet another global array
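
The commit message refers to unfiltered $_POST values in a CSS form and to htmlentities() as a stopgap. The following PHP is an added example, not RivetTracker's code: it validates posted values against an allowlist before use and escapes anything echoed back into HTML. The page does not show the form, so the field names, the function names and the assumption that the values are hex colours are all hypothetical.

```php
<?php
// Added illustration, not RivetTracker code. Field names are hypothetical.

/** Escape a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only #rgb or #rrggbb; anything else is rejected, not repaired. */
function valid_hex_colour(string $value): bool
{
    return preg_match('/\A#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\z/', $value) === 1;
}

/**
 * Hypothetical handler for a "create CSS" form.
 * Returns [clean colours, error messages]; error text is already escaped.
 */
function handle_css_form(array $post, array $fields): array
{
    $clean = [];
    $errors = [];
    foreach ($fields as $field) {
        $raw = $post[$field] ?? '';
        if (!is_string($raw)) {            // field[]=x arrives as an array
            $errors[] = h($field) . ': unexpected type';
        } elseif (valid_hex_colour($raw)) {
            $clean[$field] = strtolower($raw);
        } else {
            // Rejected input is shown to the user only after escaping.
            $errors[] = h($field) . ': invalid colour "' . h($raw) . '"';
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$post = ['background' => '#1A2b3C', 'text' => '"><script>alert(1)</script>'];
[$clean, $errors] = handle_css_form($post, ['background', 'text']);

foreach ($errors as $e) {
    echo "<p class=\"error\">$e</p>\n";    // markup in the input prints as text
}
foreach ($clean as $name => $colour) {
    echo '<input name="' . h($name) . '" value="' . h($colour) . "\">\n";
}
```

Validation and output escaping are separate controls here: the allowlist decides what may be stored or written into a stylesheet, while h() protects every place a request value is echoed, including error messages.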