View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011484 | mantisbt | security | public | 2010-02-09 22:41 | 2010-02-22 14:34 |
Reporter | dhx | Assigned To | dhx | ||
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0011484: XSS on view_filters_page.php when displaying dropdown list of custom string field values | ||||
Description | view_filters_page.php shows a dropdown list of all values for any given custom string field. An XSS vulnerability exists due to a lack of sanitisation of custom field values when printed via print_filter_custom_field() from filter_api.php. | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.2.x 1b277fc8 2010-02-09 22:45 Details Diff |
Fix 0011484: XSS on view_filters_page.php custom string field printing view_filters_page.php shows a dropdown list of all values for any given custom string field. An XSS vulnerability exists due to a lack of sanitisation of custom field values when printed via print_filter_custom_field() from filter_api.php. |
Affected Issues 0011484 |
mod - core/filter_api.php | Diff File | ||
MantisBT: master 806582eb 2010-02-09 22:45 Details Diff |
Fix 0011484: XSS on view_filters_page.php custom string field printing view_filters_page.php shows a dropdown list of all values for any given custom string field. An XSS vulnerability exists due to a lack of sanitisation of custom field values when printed via print_filter_custom_field() from filter_api.php. |
Affected Issues 0011484 |
mod - core/filter_api.php | Diff File |
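
The description attributes the bug to custom field values being printed into the filter dropdown without output encoding. The PHP below is an added example, not MantisBT code and not the change made in the changesets listed on this page; the function names and the sample values are constructed for illustration.

```php
<?php
// Added illustration, not MantisBT source. All function names are hypothetical.

// Constructed sample: distinct values stored for one custom string field.
// User-entered strings can contain any HTML metacharacter.
$values = ['Release 1.2', 'x"><b>bold</b>', "Tom & Jerry's"];

// Before: stored values are concatenated into the markup as-is, so
// metacharacters in a value are parsed by the browser as markup.
function render_options_unescaped(array $values): string {
    $html = '';
    foreach ($values as $v) {
        $html .= '<option value="' . $v . '">' . $v . "</option>\n";
    }
    return $html;
}

// After: each value is HTML-encoded at the point of output.
// ENT_QUOTES also encodes " and ', which matters inside the value="" attribute.
function render_options_escaped(array $values): string {
    $html = '';
    foreach ($values as $v) {
        $e = htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
        $html .= '<option value="' . $e . '">' . $e . "</option>\n";
    }
    return $html;
}

// Regression check: strip the tags the renderer is meant to emit, then
// report whether any raw angle bracket is left over from a field value.
function has_stray_markup(string $optionsHtml): bool {
    $rest = preg_replace('~<option value="[^"<>]*">|</option>~', '', $optionsHtml);
    return strpbrk($rest, '<>') !== false;
}

echo render_options_escaped($values);
echo 'unescaped has stray markup: ';
var_dump(has_stray_markup(render_options_unescaped($values)));
echo 'escaped has stray markup:   ';
var_dump(has_stray_markup(render_options_escaped($values)));
```

A check like `has_stray_markup()` can be run in a test suite against every code path that prints stored field values, so a missing encoding call is caught before release.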