View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011245 | mantisbt | security | public | 2009-12-01 03:23 | 2010-02-22 14:34 |
Reporter | dhx | Assigned To | dhx |
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 1.2.0 |
Target Version | 1.2.0 | Fixed in Version | 1.2.0 |
Summary | 0011245: Sanitise project name in print_column_category_id() function to prevent XSS flaw |
Description | If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, an XSS vulnerability existed whenever the category column was printed with the bad project name included. |
Tags | No tags attached. |
MantisBT: master-1.2.x b4b275a5 2009-12-01 03:24 |
Fix 0011245: Sanitise project name in print_column_category_id() |
If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, an XSS vulnerability existed whenever the category column was printed with the bad project name included. |
Affected Issues 0011245 |
mod - core/columns_api.php |
MantisBT: master 141cbe6e 2009-12-01 03:24 |
Fix 0011245: Sanitise project name in print_column_category_id() |
If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, an XSS vulnerability existed whenever the category column was printed with the bad project name included. |
Affected Issues 0011245 |
mod - core/columns_api.php |