View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011243 | mantisbt | security | public | 2009-12-01 02:27 | 2010-02-22 14:34 |
Reporter | dhx | Assigned To | dhx | | |
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | | |
Product Version | 1.2.0 | | | | |
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | | |
Summary | 0011243: Default to sanitising column values on view_all_bug_page.php to prevent XSS attacks | | | | |
Description | If you create a new version within a project as "Test<script>alert(42);</script>" and set your column preferences to show the 'version' column on view_all_bug_page.php, you'll see a Javascript popup indicating an XSS vulnerability. This is caused by the default state for columns to not be sanitised when no special column printing function is defined. | | | | |
Tags | No tags attached. | | | | |
MantisBT: master-1.2.x b66d1b04 2009-12-01 02:28

Fix 0011243: XSS on view_all_bug_page.php due to bad sanitising defaults

Columns on view_all_bug_page.php are not sanitised by default when there is no special function defined for formatting and printing the column value. This leads to a problem where a column such as 'version' can introduce an XSS flaw when a malicious user has the ability to create their own versions containing Javascript. For columns with existing printing/formatting functions, these have been improved with the use of string sanitisation where applicable.

Affected Issues: 0011243

mod - core/custom_function_api.php
mod - core/columns_api.php

MantisBT: master be4dbbf8 2009-12-01 02:28

Fix 0011243: XSS on view_all_bug_page.php due to bad sanitising defaults

Columns on view_all_bug_page.php are not sanitised by default when there is no special function defined for formatting and printing the column value. This leads to a problem where a column such as 'version' can introduce an XSS flaw when a malicious user has the ability to create their own versions containing Javascript. For columns with existing printing/formatting functions, these have been improved with the use of string sanitisation where applicable.

Affected Issues: 0011243

mod - core/custom_function_api.php
mod - core/columns_api.php
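The secure-by-default fallback that the issue and commit message describe, written as an added PHP example rather than MantisBT's own code: the `$column_printers` map, the two render functions and the sample row are hypothetical, and the row's version value is the constructed test string from the report.

```php
<?php
// Added example (not MantisBT code): a column-rendering dispatcher for a
// "view all bugs" style table. The unsafe variant mirrors the defect in the
// issue (no formatter -> raw value), the safe variant escapes by default.

// Constructed bug row; the version name is the payload quoted in the report.
$bug = [
    'id'      => 42,
    'summary' => 'Popup on "view all" <b>page</b>',
    'version' => 'Test<script>alert(42);</script>',
];

// Dedicated formatters. Any formatter that emits markup must escape its own
// inputs; 'version' deliberately has no formatter, as in the bug.
$column_printers = [
    'id' => function (array $bug): string {
        return sprintf('%07d', (int) $bug['id']);
    },
    'summary' => function (array $bug): string {
        $id = (int) $bug['id'];
        $text = htmlspecialchars($bug['summary'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return '<a href="view.php?id=' . $id . '">' . $text . '</a>';
    },
];

// BEFORE: columns without a formatter reach the page unescaped.
function render_column_unsafe(string $column, array $bug, array $printers): string
{
    if (isset($printers[$column])) {
        return $printers[$column]($bug);
    }
    return (string) $bug[$column];   // untrusted DB content straight into HTML
}

// AFTER: the fallback escapes for an HTML text node, so a column that nobody
// wrote a formatter for cannot inject markup; only formatters may emit tags.
function render_column_safe(string $column, array $bug, array $printers): string
{
    if (isset($printers[$column])) {
        return $printers[$column]($bug);
    }
    return htmlspecialchars((string) $bug[$column], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

foreach (['id', 'summary', 'version'] as $col) {
    printf("%-8s unsafe: %s\n", $col, render_column_unsafe($col, $bug, $column_printers));
    printf("%-8s safe:   %s\n", $col, render_column_safe($col, $bug, $column_printers));
}
```

Running it shows the difference only for the column without a formatter: `version` comes out as a literal `<script>` tag from the unsafe fallback and as escaped text from the safe one, while `id` and `summary` render identically because their formatters already escape.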