View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011260 | mantisbt | security | public | 2009-12-05 09:09 | 2015-02-20 02:35 |
Reporter | dhx | Assigned To | dhx | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0011260: Attribute/XSS injection in permalink_page.php | ||||
Description | HTML attribute injection via: This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.2.x 1740b99c 2009-12-05 09:09 Details Diff |
Fix 0011260: Attribute injection/XSS in permalink_page.php HTML attribute injection via: permalink_page.php?url=%22%20style=%22display:none%22 This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. |
Affected Issues 0011260 |
|
mod - permalink_page.php | Diff File | ||
MantisBT: master 3363f907 2009-12-05 09:09 Details Diff |
Fix 0011260: Attribute injection/XSS in permalink_page.php HTML attribute injection via: permalink_page.php?url=%22%20style=%22display:none%22 This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. |
Affected Issues 0011260 |
|
mod - permalink_page.php | Diff File |