MantisBT

View Issue Details Jump to Notes ] Wiki ] Related Changesets ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0012231mantisbtsecuritypublic2010-08-04 09:152011-08-02 12:35
Reporterjreese 
Assigned Todhx 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.2.2 
Target Version1.2.3Fixed in Version1.2.3 
Summary0012231: XSS vulnerability when uninstalling maliciously named plugins
DescriptionFound when investigating Secunia report SA40832. There is an XSS vulnerability when uninstalling plugins that have been maliciously named. Chance of attack is extremely low due to requiring site admin access to both install and uninstall plugins.
TagsNo tags attached.
Attached Files

- Relationships
related to 0012230closeddhx XSS vulnerability when deleting maliciously named categories 

-  Notes
User avatar (0026212)
dhx (reporter)
2010-08-04 09:29

Thanks John, all fixed.

- Related Changesets
MantisBT: master 2e397700
Timestamp: 2010-08-04 13:23:48
Author: dhx
Details ] Diff ]
Fix 0012231: XSS vulnerability when uninstalling badly named plugins

John Reese discovered an XSS vulnerability with the uninstall
confirmation message shown when plugins are being uninstalled. The
plugin name is not escaped before being outputted and thus HTML unsafe
characters are not sanitised.

This doesn't actually pose a security risk because it requires someone
to:
a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation
mod - manage_plugin_uninstall.php Diff ] File ]
MantisBT: master-1.2.x f60d0cfb
Timestamp: 2010-08-04 13:23:48
Author: dhx
Details ] Diff ]
Fix 0012231: XSS vulnerability when uninstalling badly named plugins

John Reese discovered an XSS vulnerability with the uninstall
confirmation message shown when plugins are being uninstalled. The
plugin name is not escaped before being outputted and thus HTML unsafe
characters are not sanitised.

This doesn't actually pose a security risk because it requires someone
to:
a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation
mod - manage_plugin_uninstall.php Diff ] File ]

- Issue History
Date Modified Username Field Change
2010-08-04 09:15 jreese New Issue
2010-08-04 09:15 jreese Status new => assigned
2010-08-04 09:15 jreese Assigned To => dhx
2010-08-04 09:15 jreese Issue generated from: 0012230
2010-08-04 09:15 jreese Relationship added related to 0012230
2010-08-04 09:28 dhx Changeset attached => MantisBT master 2e397700
2010-08-04 09:28 dhx Changeset attached => MantisBT master-1.2.x f60d0cfb
2010-08-04 09:28 dhx Resolution open => fixed
2010-08-04 09:28 dhx Fixed in Version => 1.2.3
2010-08-04 09:29 dhx Note Added: 0026212
2010-08-04 09:29 dhx Status assigned => resolved
2010-08-05 18:37 dhx View Status private => public
2011-08-02 12:35 dregad Status resolved => closed


MantisBT 1.2.17 [^]
Copyright © 2000 - 2014 MantisBT Team
Time: 0.1527 seconds.
memory usage: 3,037 KB
Powered by Mantis Bugtracker