0006557: XSS Vulnerability in manage_user (TKADV2005-11-002)

ID	Project	Category	View Status	Date Submitted	Last Update
0006557	mantisbt	security	public	2006-01-04 22:42	2006-10-09 11:55

Reporter	thraxisp	Assigned To	thraxisp
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.0.0rc4
Fixed in Version	1.0.0rc5

Summary	0006557: XSS Vulnerability in manage_user (TKADV2005-11-002)
Description	It is possible to embed an XSS script into the sort field of the manage_user_page. It is then trapped in the use's cookies. From Thomas Waldegger [thomas.waldegger at morph3us dot org] You did not address the "MANTIS_MANAGE_COOKIE" cookie bug (XSS, unexploitable SQL-Injection, temporary defacement), the XSS vulnerabilities in `view_filters_page.php',`proj_doc_delete.php', `query_store_page.php',`query_store.php' and there are still a lot of scripts which do not properly validate user-supplied input. /manage_user_page.php: ?sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&save=1
Tags	No tags attached.

thraxisp 2006-01-04 22:55 reporter ~0011868	Fixed in CVS. manage_user_page.php -> 1.59.8.1.2.1 core/database_api.php -> 1.46.6.1