View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011397 | mantisbt | security | public | 2010-01-15 04:26 | 2010-02-22 14:34 |
Reporter | dhx | Assigned To | dhx |
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 1.2.0 |
Target Version | 1.2.0 | Fixed in Version | 1.2.0 |
Summary | 0011397: XSS with project names in relationship table |
Description | A malicious project name containing Javascript will not be sanitised before being printed in the relationships table (the bug view page). Relevant code from relationship_api.php: |
Tags | No tags attached. |
MantisBT: master-1.2.x 45a2b5c3 2010-01-15 04:27 |
Fix 0011397: XSS with project names in relationship table |
A malicious project name containing Javascript is not sanitised before being printed in the relationships table (the bug view page). |
Affected Issues 0011397 |
mod - core/relationship_api.php |
MantisBT: master 0995c231 2010-01-15 04:27 |
Fix 0011397: XSS with project names in relationship table |
A malicious project name containing Javascript is not sanitised before being printed in the relationships table (the bug view page). |
Affected Issues 0011397 |
mod - core/relationship_api.php |
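
The flaw described in this issue, shown as an added example that is not MantisBT's code: a relationships-table row rendered with the project name inserted as stored, beside the same row with the name HTML-encoded at output. The function names, row fields and sample data are hypothetical and constructed for illustration; only `htmlspecialchars()` and the other PHP built-ins are real.

```php
<?php
// Added illustration, not MantisBT code. Function names and the sample row
// are hypothetical; htmlspecialchars() is the real PHP built-in.

// Encode a value for use in HTML element content or a quoted attribute.
function html_text(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the project name is concatenated into the row markup as stored.
function relationship_row_unescaped(array $rel): string {
    return '<tr><td>' . (int) $rel['bug_id'] . '</td>'
         . '<td>' . $rel['project_name'] . '</td>'
         . '<td>' . html_text($rel['summary']) . '</td></tr>';
}

// After: every stored string is encoded at the point of output.
function relationship_row_escaped(array $rel): string {
    return '<tr><td>' . (int) $rel['bug_id'] . '</td>'
         . '<td>' . html_text($rel['project_name']) . '</td>'
         . '<td>' . html_text($rel['summary']) . '</td></tr>';
}

// Regression check: list the opening tag names present in rendered markup.
// A correctly encoded row contains only the layout tags the renderer wrote.
function tag_names(string $html): array {
    preg_match_all('/<\s*([a-z][a-z0-9]*)/i', $html, $m);
    return array_values(array_unique(array_map('strtolower', $m[1])));
}

// Constructed sample: a related issue in a project whose name carries markup.
$rel = [
    'bug_id'       => 42,
    'project_name' => 'Intranet <script>alert(1)</script>',
    'summary'      => 'Login page returns 500',
];

$before = tag_names(relationship_row_unescaped($rel));
$after  = tag_names(relationship_row_escaped($rel));

echo 'tags before fix: ', implode(', ', $before), PHP_EOL;
echo 'tags after fix:  ', implode(', ', $after), PHP_EOL;
echo relationship_row_escaped($rel), PHP_EOL;
```

A check like `tag_names()` can sit in a test suite so that any stored field later added to the row without encoding shows up as an unexpected tag name.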