View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011262 | mantisbt | security | public | 2009-12-06 09:49 | 2010-02-22 14:34 |
Reporter | dhx | Assigned To | dhx | ||
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0011262: XSS issues in various print_X_option_list functions (OS, platform, etc) | ||||
Description | In some of the print_X_option_list functions from print_api.php, certain strings (many user definable, others project manager definable) are not sanitised before being used in the dropdown option lists. Examples are the OS, platform, version and some project dropdown option lists. These problems can be reproduced by using return_dynamic_filters.php to output a vulnerable dropdown list of your choosing. | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.2.x 21299299 2009-12-06 09:49 |
Fix 0011262: XSS issues in various print_X_option_list functions In some of the print_X_option_list functions from print_api.php, certain strings (many user definable, others project manager definable) are not sanitised before being used in the dropdown option lists. Examples are the OS, platform, version and some project dropdown option lists. These problems can be reproduced by using return_dynamic_filters.php to output a vulnerable dropdown list of your choosing. |
Affected Issues 0011262 |
mod - core/print_api.php |
MantisBT: master a2ae2348 2009-12-06 09:49 |
Fix 0011262: XSS issues in various print_X_option_list functions In some of the print_X_option_list functions from print_api.php, certain strings (many user definable, others project manager definable) are not sanitised before being used in the dropdown option lists. Examples are the OS, platform, version and some project dropdown option lists. These problems can be reproduced by using return_dynamic_filters.php to output a vulnerable dropdown list of your choosing. |
Affected Issues 0011262 |
mod - core/print_api.php |
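
An added illustration of the bug class described in this issue (not MantisBT's code and not the committed fix): a dropdown builder that writes stored strings straight into `<option>` markup, beside a version that escapes them at output. The function names and the sample values are hypothetical and constructed for this example.

```php
<?php
// Added illustration; function names and sample data are hypothetical,
// not taken from MantisBT's core/print_api.php.

// Unsafe pattern: stored strings are written into the markup as-is, so a
// value containing quotes or angle brackets can close the attribute or tag.
function print_os_option_list_unsafe(array $os_names, string $selected = ''): string {
    $html = '';
    foreach ($os_names as $os) {
        $sel = ($os === $selected) ? ' selected="selected"' : '';
        $html .= '<option value="' . $os . '"' . $sel . '>' . $os . "</option>\n";
    }
    return $html;
}

// Escape at the point of output. ENT_QUOTES covers both quote styles, which
// matters because the same string is used inside a quoted attribute.
function escape_for_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Hardened pattern: the attribute value and the element text are both escaped.
function print_os_option_list_safe(array $os_names, string $selected = ''): string {
    $html = '';
    foreach ($os_names as $os) {
        $sel = ($os === $selected) ? ' selected="selected"' : '';
        $e = escape_for_html($os);
        $html .= '<option value="' . $e . '"' . $sel . '>' . $e . "</option>\n";
    }
    return $html;
}

// Constructed sample: one ordinary value and one containing markup characters.
$stored = ['Linux', 'Win"><b>injected</b>'];

echo "--- unsafe ---\n", print_os_option_list_unsafe($stored, 'Linux');
echo "--- safe ---\n", print_os_option_list_safe($stored, 'Linux');

// Regression check: no raw tag from the stored value survives escaping.
if (strpos(print_os_option_list_safe($stored), '<b>') !== false) {
    throw new RuntimeException('stored value reached the page unescaped');
}
```

A check like the last one can be kept as a regression test for every list-printing helper that takes user-definable or project-manager-definable strings.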