View Issue Details

ID: 0011246
Project: mantisbt
Category: security
View Status: public
Last Update: 2010-02-22 14:34
Reporter: dhx
Assigned To: dhx
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0011246: XSS bug in category dropdown selector
Description

If a category name contains "<script>alert(42);</script>" then it'll result in an XSS vulnerability whenever a category dropdown list is printed. This applies to pages such as bug reporting, updating a bug, etc.

Tags: No tags attached.
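
Added example, not part of the original report and not MantisBT's own code: a category dropdown printed without output encoding, next to the same function with the name encoded at output time. The function names and the sample category list are hypothetical; only the script-tag category name comes from the report.

```php
<?php
// Illustration only; this is not core/print_api.php from MantisBT.

// Constructed sample data: category id => name as entered by a manager.
$categories = [
    1 => 'General',
    2 => '<script>alert(42);</script>',   // category name from the report
    3 => 'UI & "themes"',
];

// Before: the stored name is concatenated into the page unchanged, so any
// markup it contains becomes part of the document on every page that
// prints the dropdown.
function category_options_unescaped(array $categories, int $selected): string
{
    $html = '';
    foreach ($categories as $id => $name) {
        $sel = ($id === $selected) ? ' selected="selected"' : '';
        $html .= "<option value=\"$id\"$sel>$name</option>\n";
    }
    return $html;
}

// After: the name is HTML-encoded at the point of output. The stored value
// is left untouched; only its rendering changes.
function category_options_escaped(array $categories, int $selected): string
{
    $html = '';
    foreach ($categories as $id => $name) {
        $sel = ($id === $selected) ? ' selected="selected"' : '';
        $html .= sprintf(
            "<option value=\"%d\"%s>%s</option>\n",
            $id,
            $sel,
            htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

$before = category_options_unescaped($categories, 1);
$after  = category_options_escaped($categories, 1);

// Regression check: no raw tag from a category name survives encoding.
var_dump(strpos($before, '<script>') !== false);   // raw tag present
var_dump(strpos($after, '<script>') === false);    // tag rendered as text
echo $after;
```

The same check (render a category whose name contains markup, then assert the output holds no raw tag) works as a regression test for every page that prints the dropdown.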

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.2.x ccae795a

2009-12-01 04:32

dhx


Fix 0011246: XSS bug in category dropdown selector

If a category name contains "<script>alert(42);</script>" then it would
result in an XSS vulnerability whenever a category dropdown list was
printed. This applies to pages such as bug reporting, updating a bug,
etc.
Affected Issues
0011246
mod - core/print_api.php

MantisBT: master 98f63cf5

2009-12-01 04:32

dhx


Fix 0011246: XSS bug in category dropdown selector

If a category name contains "<script>alert(42);</script>" then it would
result in an XSS vulnerability whenever a category dropdown list was
printed. This applies to pages such as bug reporting, updating a bug,
etc.
Affected Issues
0011246
mod - core/print_api.php