View Issue Details

ID: 0011484
Project: mantisbt
Category: security
View Status: public
Last Update: 2010-02-22 14:34
Reporter: dhx
Assigned To: dhx
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.0
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0011484: XSS on view_filters_page.php when displaying dropdown list of custom string field values
Description

view_filters_page.php shows a dropdown list of all values for any given custom string field. An XSS vulnerability exists due to a lack of sanitisation of custom field values when printed via print_filter_custom_field() from filter_api.php.

Tags: No tags attached.
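
The pattern the description refers to, next to an output-encoded version, as an added PHP example. It is not MantisBT's code or the actual patch; the function names, the field name `custom_field_1` and the sample values are constructed for illustration.

```php
<?php
// Added illustration; not MantisBT source. Function names are hypothetical.

/** Vulnerable pattern: stored custom field values are emitted as-is. */
function render_options_unescaped(array $values): string {
    $html = '';
    foreach ($values as $value) {
        $html .= '<option value="' . $value . '">' . $value . "</option>\n";
    }
    return $html;
}

/** Hardened pattern: encode each value for the HTML context at output time. */
function render_options_escaped(array $values): string {
    $html = '';
    foreach ($values as $value) {
        // ENT_QUOTES encodes both quote styles, so a value cannot close the
        // value="..." attribute; '<' and '>' are encoded for the element text.
        $safe = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<option value="' . $safe . '">' . $safe . "</option>\n";
    }
    return $html;
}

// Constructed sample values, as saved in a custom string field.
$stored = ['Linux', 'AT&T', '"><b>markup from a field value</b>'];

echo "<select name=\"custom_field_1\">\n" . render_options_unescaped($stored) . "</select>\n\n";

$escaped = render_options_escaped($stored);
echo "<select name=\"custom_field_1\">\n" . $escaped . "</select>\n";

// Check: no raw markup from a stored value survives in the encoded output.
if (strpos($escaped, '<b>') !== false
    || strpos($escaped, '&quot;&gt;&lt;b&gt;') === false
    || strpos($escaped, 'AT&amp;T') === false) {
    throw new RuntimeException('custom field value was not encoded');
}
```

In the first `<select>` the third value closes the `value` attribute and the `<option>` tag and is parsed as markup; in the second it is rendered as literal text.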

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.2.x 1b277fc8

2010-02-09 22:45

dhx


Fix 0011484: XSS on view_filters_page.php custom string field printing

view_filters_page.php shows a dropdown list of all values for any given
custom string field. An XSS vulnerability exists due to a lack of
sanitisation of custom field values when printed via
print_filter_custom_field() from filter_api.php.

Affected Issues: 0011484
mod - core/filter_api.php

MantisBT: master 806582eb

2010-02-09 22:45

dhx


Fix 0011484: XSS on view_filters_page.php custom string field printing

view_filters_page.php shows a dropdown list of all values for any given
custom string field. An XSS vulnerability exists due to a lack of
sanitisation of custom field values when printed via
print_filter_custom_field() from filter_api.php.

Affected Issues: 0011484
mod - core/filter_api.php