View Issue Details

ID: 0011245
Project: mantisbt
Category: security
View Status: public
Last Update: 2010-02-22 14:34
Reporter: dhx
Assigned To: dhx
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0011245: Sanitise project name in print_column_category_id() function to prevent XSS flaw
Description

If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, an XSS vulnerability existed whenever the category column was printed with the bad project name included.
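The unsanitised and the encoded rendering of the category cell side by side, as an added example that is not MantisBT's own code; the "[project] category" cell layout and every function name except print_column_category_id() are assumptions, and PHP's htmlspecialchars() stands in for whatever helper the actual fix used:

```php
<?php
// Added example (not MantisBT's code): the category column cell rendered
// with and without output encoding of the project name. The cell layout
// and the helper names below are hypothetical.

// Constructed sample data: a project whose name carries the script tag
// from the report, and a category that belongs to it.
$project  = ['id' => 7, 'name' => '<script>alert(42);</script>'];
$category = ['id' => 3, 'name' => 'General'];

// Vulnerable form: the project name is concatenated into the HTML as-is,
// so the browser parses the stored name as markup and runs the script.
function render_category_cell_vulnerable(array $project, array $category): string
{
    return '<td>[' . $project['name'] . '] ' . $category['name'] . '</td>';
}

// Encode at the point of output. ENT_QUOTES also makes the value safe
// inside quoted attributes; ENT_SUBSTITUTE avoids returning '' on bad UTF-8.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fixed form: every untrusted value passes through the encoder, not only
// the one that happened to be reported.
function render_category_cell_fixed(array $project, array $category): string
{
    return '<td>[' . html_escape($project['name']) . '] '
         . html_escape($category['name']) . '</td>';
}

// A minimal regression check: rendered output must never contain a raw
// '<script' sequence, whatever the stored project name was.
function contains_raw_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$vulnerable = render_category_cell_vulnerable($project, $category);
$fixed      = render_category_cell_fixed($project, $category);

echo $vulnerable, PHP_EOL;
echo $fixed, PHP_EOL;

if (!contains_raw_script_tag($vulnerable) || contains_raw_script_tag($fixed)) {
    throw new RuntimeException('encoding check failed');
}
```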

Tags: No tags attached.

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.2.x b4b275a5
2009-12-01 03:24
dhx

Fix 0011245: Sanitise project name in print_column_category_id()

If a project name contains "<script>alert(42);</script>" then due to
lack of sanitisation, an XSS vulnerability existed whenever the category
column was printed with the bad project name included.

Affected Issues: 0011245
mod - core/columns_api.php

MantisBT: master 141cbe6e
2009-12-01 03:24
dhx

Fix 0011245: Sanitise project name in print_column_category_id()

If a project name contains "<script>alert(42);</script>" then due to
lack of sanitisation, an XSS vulnerability existed whenever the category
column was printed with the bad project name included.

Affected Issues: 0011245
mod - core/columns_api.php