View Issue Details

ID: 0011262
Project: mantisbt
Category: security
View Status: public
Last Update: 2010-02-22 14:34
Reporter: dhx
Assigned To: dhx
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0011262: XSS issues in various print_X_option_list functions (OS, platform, etc)
Description

In some of the print_X_option_list functions from print_api.php, certain strings (many user definable, others project manager definable) are not sanitised before being used in the dropdown option lists. Examples are the OS, platform, version and some project dropdown option lists. These problems can be reproduced by using return_dynamic_filters.php to output a vulnerable dropdown list of your choosing.
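The defect described above, shown as an added illustration rather than MantisBT's own code: a minimal dropdown renderer in the style of the print_X_option_list() helpers, first emitting project-manager-defined strings unescaped and then escaping them for both the attribute and element-content contexts. The function names and the sample OS values are constructed; in MantisBT itself the escaping role is played by the string_api.php helpers such as string_attribute().

```php
<?php
// Added example, not MantisBT code. Mimics a print_X_option_list() helper that
// builds <option> tags from strings that users or project managers control.

/** Unsanitised variant: the raw string lands in the attribute and the element body. */
function print_os_option_list_unsafe(array $t_values, string $t_selected): string {
    $t_html = '';
    foreach ($t_values as $t_value) {
        $t_sel = ($t_value === $t_selected) ? ' selected="selected"' : '';
        $t_html .= '<option value="' . $t_value . '"' . $t_sel . '>' . $t_value . "</option>\n";
    }
    return $t_html;
}

/** Stand-in for a string_attribute()-style helper (constructed name). */
function string_attribute_escaped(string $t_string): string {
    // ENT_QUOTES escapes both quote styles, so the value is safe in any quoted attribute;
    // < > & are escaped as well, which also covers the element-content context.
    return htmlspecialchars($t_string, ENT_QUOTES, 'UTF-8');
}

/** Hardened variant: every user-controlled string is escaped before it is emitted. */
function print_os_option_list_safe(array $t_values, string $t_selected): string {
    $t_html = '';
    foreach ($t_values as $t_value) {
        $t_sel = ($t_value === $t_selected) ? ' selected="selected"' : '';
        $t_escaped = string_attribute_escaped($t_value);
        $t_html .= '<option value="' . $t_escaped . '"' . $t_sel . '>' . $t_escaped . "</option>\n";
    }
    return $t_html;
}

// Constructed sample: OS names a project manager might enter, including the
// characters (quotes, angle brackets, ampersand) that terminate an attribute
// or open a new tag when written out unescaped.
$t_os_list = array('Linux', 'Mac OS <X>', '"Windows" & friends');

echo "--- unsanitised ---\n" . print_os_option_list_unsafe($t_os_list, 'Linux');
echo "--- escaped ---\n" . print_os_option_list_safe($t_os_list, 'Linux');
```

Diffing the two outputs for the same input is a quick regression check for any option-list helper: the escaped form must never contain a raw `"`, `<` or `&` that originated in the input value.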

Tags: No tags attached.

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.2.x 21299299

2009-12-06 09:49

dhx


Fix 0011262: XSS issues in various print_X_option_list functions

In some of the print_X_option_list functions from print_api.php, certain
strings (many user definable, others project manager definable) are not
sanitised before being used in the dropdown option lists. Examples are
the OS, platform, version and some project dropdown option lists. These
problems can be reproduced by using return_dynamic_filters.php to output
a vulnerable dropdown list of your choosing.
Affected Issues: 0011262
mod - core/print_api.php

MantisBT: master a2ae2348

2009-12-06 09:49

dhx


Fix 0011262: XSS issues in various print_X_option_list functions

In some of the print_X_option_list functions from print_api.php, certain
strings (many user definable, others project manager definable) are not
sanitised before being used in the dropdown option lists. Examples are
the OS, platform, version and some project dropdown option lists. These
problems can be reproduced by using return_dynamic_filters.php to output
a vulnerable dropdown list of your choosing.
Affected Issues: 0011262
mod - core/print_api.php