View Issue Details

IDProjectCategoryView StatusLast Update
0011235mantisbtsecuritypublic2010-02-22 14:34
Reporterdhx Assigned Todhx  
PriorityurgentSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.0 
Target Version1.2.0Fixed in Version1.2.0 
Summary0011235: XSS on manage_tags_page.php with user Real Name field
Description

The "Real Name" field for users is not sanitised before being printed to manage_tags_page.php thus leading to a XSS vulnerability.

TagsNo tags attached.

Relationships

child of 0011234 closeddhx user_ensure_realname_valid() is not checked on account_page.php 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master b1bc26eb

2009-12-01 00:14

dhx


Details Diff
Fix 0011235: XSS on manage_tags_page.php with user Real Name field

The "Real Name" field for users is not sanitised before being printed to
manage_tags_page.php thus leading to a XSS vulnerability.
Affected Issues
0011235
mod - manage_tags_page.php Diff File

MantisBT: master-1.2.x 42e3640a

2009-12-01 00:14

dhx


Details Diff
Fix 0011235: XSS on manage_tags_page.php with user Real Name field

The "Real Name" field for users is not sanitised before being printed to
manage_tags_page.php thus leading to a XSS vulnerability.
Affected Issues
0011235
mod - manage_tags_page.php Diff File