View Issue Details

ID: 0011247
Project: mantisbt
Category: security
View Status: public
Last Update: 2010-02-22 14:34
Reporter: dhx
Assigned To: dhx
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0011247: XSS in various management pages due to unsanitised project names
Description

A project name containing "<script>alert(42);</script>" will result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output.

Tags: No tags attached.

Activities

There are no notes attached to this issue.
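
The output pattern this issue describes, next to an escaped form, as an added example that is not part of the original report and not MantisBT's own code. The function names (`esc_html`, `project_row_unsafe`, `project_row_safe`, `project_option_safe`) and the sample project rows are hypothetical; the script-tag name is the one quoted in the description.

```php
<?php
// Added illustration: helper names and sample data are hypothetical, not MantisBT code.

/** Escape untrusted text for an HTML text node or a quoted attribute value. */
function esc_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the stored project name is concatenated straight into markup. */
function project_row_unsafe(array $project): string {
    return '<tr><td>' . $project['name'] . '</td></tr>';
}

/** Hardened pattern: the stored value is escaped at the point of output. */
function project_row_safe(array $project): string {
    return '<tr><td>' . esc_html($project['name']) . '</td></tr>';
}

/** Same rule in attribute context, e.g. a project <select> list on a management page. */
function project_option_safe(array $project): string {
    return sprintf(
        '<option value="%d" title="%s">%s</option>',
        (int) $project['id'],
        esc_html($project['name']),
        esc_html($project['name'])
    );
}

// Constructed sample rows standing in for stored project records.
$projects = [
    ['id' => 1, 'name' => 'Website & API'],
    ['id' => 2, 'name' => '<script>alert(42);</script>'],
    ['id' => 3, 'name' => 'QA "nightly" builds'],
];

foreach ($projects as $p) {
    echo 'unsafe: ', project_row_unsafe($p), "\n";
    echo 'safe:   ', project_row_safe($p), "\n";
    echo 'option: ', project_option_safe($p), "\n\n";
}
```

Comparing the `unsafe` and `safe` lines for the second row shows the name rendered as inert text once it is escaped on output; the third row shows why quotes must be escaped as well when the name is placed in an attribute.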

Related Changesets

MantisBT: master-1.2.x d55a7f24

2009-12-01 04:49

dhx


Fix 0011247: XSS in various management pages (project names)

A project name containing "<script>alert(42);</script>" would result in
XSS vulnerabilities in adm_config_report.php and
manage_custom_field_edit_page.php due to unsanitised project names being
printed directly to HTML output.

Affected Issues: 0011247
mod - core/print_api.php
mod - adm_config_report.php

MantisBT: master 403cd6c1

2009-12-01 04:49

dhx


Fix 0011247: XSS in various management pages (project names)

A project name containing "<script>alert(42);</script>" would result in
XSS vulnerabilities in adm_config_report.php and
manage_custom_field_edit_page.php due to unsanitised project names being
printed directly to HTML output.

Affected Issues: 0011247
mod - adm_config_report.php
mod - core/print_api.php