View Issue Details

ID: 0011242
Project: mantisbt
Category: security
View Status: public
Last Update: 2010-02-22 14:34
Reporter: dhx
Assigned To: dhx
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0011242: XSS on manage_proj_edit_page.php with user Real Name field
Description

Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause a XSS bug on manage_proj_edit_page.php. The user real name needs to be sanitised before being printed.

Tags: No tags attached.

Relationships

child of 0011234 (closed, dhx): user_ensure_realname_valid() is not checked on account_page.php

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.2.x 868c1d6c

2009-12-01 01:34

dhx


Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field

Categories that are assigned to users whose names contain
"<script>alert(42);</script>" will cause a XSS bug on
manage_proj_edit_page.php. The user real name needs to be sanitised
before being printed.
Affected Issues: 0011242
mod - manage_proj_edit_page.php

MantisBT: master a77662d5

2009-12-01 01:34

dhx


Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field

Categories that are assigned to users whose names contain
"<script>alert(42);</script>" will cause a XSS bug on
manage_proj_edit_page.php. The user real name needs to be sanitised
before being printed.
Affected Issues: 0011242
mod - manage_proj_edit_page.php
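
The pattern behind this issue, as an added example that is not MantisBT's code or the contents of either changeset: a stored real name written into a category table row unescaped, beside the same row with the name escaped at output, plus a regression check for the difference. The function names, array keys and sample rows are assumptions made for illustration; the second real name is the string quoted in the report.

```php
<?php
// Added illustration, not MantisBT source. Function names and array keys are hypothetical.

/** Escape a stored value for use in an HTML text node or quoted attribute. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "Before": the assigned user's real name reaches the markup unescaped. */
function render_category_row_unsafe(array $category): string
{
    return '<tr><td>' . esc_html($category['name']) . '</td><td>'
        . $category['assigned_realname'] . '</td></tr>';
}

/** "After": the real name is escaped at the point of output. */
function render_category_row(array $category): string
{
    return '<tr><td>' . esc_html($category['name']) . '</td><td>'
        . esc_html($category['assigned_realname']) . '</td></tr>';
}

/** Regression check: true if the rendered row carries the name only as inert text. */
function row_is_inert(string $row, string $realname): bool
{
    // Remove the expected table markup; what remains must hold no raw angle brackets.
    $cells = str_replace(['<tr>', '</tr>', '<td>', '</td>'], '', $row);
    return strpbrk($cells, '<>') === false
        && strpos(html_entity_decode($cells, ENT_QUOTES, 'UTF-8'), $realname) !== false;
}

// Constructed sample rows; the second real name is the string quoted in the report.
$categories = [
    ['name' => 'General',  'assigned_realname' => 'Alice Example'],
    ['name' => 'Security', 'assigned_realname' => '<script>alert(42);</script>'],
];

foreach ($categories as $c) {
    printf("%-8s unsafe inert: %-3s  escaped inert: %s\n",
        $c['name'],
        row_is_inert(render_category_row_unsafe($c), $c['assigned_realname']) ? 'yes' : 'no',
        row_is_inert(render_category_row($c), $c['assigned_realname']) ? 'yes' : 'no');
}
```

A check like `row_is_inert()` can run in a test suite against every template that prints user-controlled profile fields, so a page that skips escaping fails the build instead of shipping.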