View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011236 | mantisbt | security | public | 2009-12-01 00:13 | 2010-02-22 14:34 |
Reporter | dhx | Assigned To | dhx | ||
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0011236: XSS on view_all_bug_page.php (specifically the filters form) with user Real Name field | ||||
Description | Set your real name in "My Account" to something including "<script>alert(42);</script>" and then go to view_all_bug_page.php and select yourself in some of the user/reporter filters. Apply the filter you've just defined and you'll see a bunch of Javascript alerts from the XSS vulnerability. The current value of the filter for the username fields is not sanitised before being printed to the HTML output. | ||||
Tags | No tags attached. | ||||
MantisBT: master bb920bf5 2009-12-01 00:41 Details Diff |
Fix 0011236: XSS on view_all_bug_page.php with user Real Name field If a user is selected in one of the user filters (reporter, monitored by, etc) and that user has a name containing HTML elements, the HTML elements would not be escaped prior to displaying them as the currently selected filter options. |
Affected Issues 0011236 |
|
mod - core/filter_api.php | Diff File | ||
MantisBT: master-1.2.x 4cb58c70 2009-12-01 00:41 Details Diff |
Fix 0011236: XSS on view_all_bug_page.php with user Real Name field If a user is selected in one of the user filters (reporter, monitored by, etc) and that user has a name containing HTML elements, the HTML elements would not be escaped prior to displaying them as the currently selected filter options. |
Affected Issues 0011236 |
|
mod - core/filter_api.php | Diff File |