View Issue Details
Field | Value |
---|---|
ID | 0011247 |
Project | mantisbt |
Category | security |
View Status | public |
Date Submitted | 2009-12-01 04:49 |
Last Update | 2010-02-22 14:34 |
Reporter | dhx |
Assigned To | dhx |
Priority | urgent |
Severity | major |
Reproducibility | always |
Status | closed |
Resolution | fixed |
Product Version | 1.2.0 |
Target Version | 1.2.0 |
Fixed in Version | 1.2.0 |
Summary | 0011247: XSS in various management pages due to unsanitised project names |
Description | A project name containing "<script>alert(42);</script>" will result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output. |
Tags | No tags attached. |

MantisBT: master-1.2.x d55a7f24 2009-12-01 04:49

Fix 0011247: XSS in various management pages (project names)

A project name containing "<script>alert(42);</script>" would result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output.

Affected Issues: 0011247

- mod - core/print_api.php
- mod - adm_config_report.php

MantisBT: master 403cd6c1 2009-12-01 04:49

Fix 0011247: XSS in various management pages (project names)

A project name containing "<script>alert(42);</script>" would result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output.

Affected Issues: 0011247

- mod - adm_config_report.php
- mod - core/print_api.php
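
The failure mode described in this issue, shown as an added example that is not MantisBT's code or the committed fix: a stored project name written into HTML with and without output encoding. The function names, the sample project rows and the choice of PHP's `htmlspecialchars()` are assumptions made for illustration.

```php
<?php
// Added illustration, not MantisBT source. All function names are hypothetical.

// Constructed sample rows standing in for project records read from storage.
$projects = [
    ['id' => 1, 'name' => 'Website'],
    ['id' => 2, 'name' => '<script>alert(42);</script>'], // name quoted in the issue
    ['id' => 3, 'name' => 'R&D "internal" <beta>'],
];

// Before: the stored name is concatenated into markup unchanged, so any
// markup inside the name becomes part of the page.
function render_project_row_unsafe(array $p): string {
    return '<tr><td>' . $p['id'] . '</td><td>' . $p['name'] . '</td></tr>';
}

// Encode at the point of output. ENT_QUOTES covers both quote styles so the
// same helper is safe in element content and in quoted attribute values.
function html_text(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every dynamic value is encoded or cast before it reaches the markup.
function render_project_row(array $p): string {
    return '<tr><td>' . (int) $p['id'] . '</td><td>' . html_text($p['name']) . '</td></tr>';
}

// Same rule in an attribute context, e.g. a project selector on a management page.
function render_project_option(array $p): string {
    $name = html_text($p['name']);
    return '<option value="' . (int) $p['id'] . '" title="' . $name . '">' . $name . '</option>';
}

// Regression check: after encoding, no tag opener from a project name may
// survive, and decoding must give back the stored name unchanged.
foreach ($projects as $p) {
    $row    = render_project_row($p);
    $option = render_project_option($p);
    $cell   = substr($row, strlen('<tr><td>' . (int) $p['id'] . '</td><td>'), -strlen('</td></tr>'));

    if (strpbrk($cell, '<>"\'') !== false) {
        fwrite(STDERR, "unencoded markup in row for project {$p['id']}\n");
        exit(1);
    }
    if (html_entity_decode($cell, ENT_QUOTES, 'UTF-8') !== $p['name']) {
        fwrite(STDERR, "encoding is lossy for project {$p['id']}\n");
        exit(1);
    }
    echo $row, "\n", $option, "\n";
}
```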