View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011244 | mantisbt | security | public | 2009-12-01 02:45 | 2010-02-22 14:34 |
Reporter | dhx | Assigned To | dhx |
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 1.2.0 |
Target Version | 1.2.0 | Fixed in Version | 1.2.0 |
Summary | 0011244: XSS on change log and roadmap pages due to unsanitised project names |
Description | If a project name is changed to contain "<script>alert(42);</script>" then viewing the road map or change log pages will result in a JavaScript alert message appearing. This shows that an XSS flaw exists due to a lack of sanitisation of the project name. |
Tags | No tags attached. |
MantisBT: master-1.2.x df0a5af4 2009-12-01 02:45 |
Fix 0011244: XSS on change log and roadmap pages (project names) |
If a project name is changed to contain "<script>alert(42);</script>" then viewing the road map or change log pages will result in a JavaScript alert message appearing. This shows that an XSS flaw exists due to a lack of sanitisation of the project name. |
Affected Issues 0011244 |
mod - changelog_page.php |
mod - roadmap_page.php |
mod - core/custom_function_api.php |
MantisBT: master 96ab63b6 2009-12-01 02:45 |
Fix 0011244: XSS on change log and roadmap pages (project names) |
If a project name is changed to contain "<script>alert(42);</script>" then viewing the road map or change log pages will result in a JavaScript alert message appearing. This shows that an XSS flaw exists due to a lack of sanitisation of the project name. |
Affected Issues 0011244 |
mod - changelog_page.php |
mod - roadmap_page.php |
mod - core/custom_function_api.php |
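
The flaw described in this issue, shown as an added example that is not MantisBT's code or the committed fix: a page heading built from a stored project name, first concatenated unescaped and then escaped at the point of output. The function names and the sample project names are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not MantisBT code. All function names are hypothetical.

// Vulnerable form: the stored project name is concatenated into markup as-is.
function render_heading_unsafe(string $project_name, string $version): string {
    return '<h2>' . $project_name . ' - ' . $version . '</h2>';
}

// Escape for the HTML text/attribute context at the point of output.
function esc_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every dynamic value is escaped before it reaches the page.
function render_heading_safe(string $project_name, string $version): string {
    return '<h2>' . esc_html($project_name) . ' - ' . esc_html($version) . '</h2>';
}

// Regression check: true if the output contains any element the template
// itself does not emit, i.e. the data was interpreted as markup.
function has_unexpected_tags(string $html, array $allowed = ['h2']): bool {
    preg_match_all('#</?([a-z][a-z0-9]*)#i', $html, $matches);
    foreach ($matches[1] as $tag) {
        if (!in_array(strtolower($tag), $allowed, true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample project names; the second is the string from the report.
$names = ['Demo Project', '<script>alert(42);</script>', 'R&D "Tools"'];

foreach ($names as $name) {
    $unsafe = render_heading_unsafe($name, '1.2.0');
    $safe   = render_heading_safe($name, '1.2.0');
    printf(
        "unsafe injects markup: %-5s | safe injects markup: %-5s | %s\n",
        var_export(has_unexpected_tags($unsafe), true),
        var_export(has_unexpected_tags($safe), true),
        $safe
    );
}
```

A check like `has_unexpected_tags` can run as a regression test over each page that prints project names, so a newly added unescaped output path is caught before release.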