2014-12-17 23:02 EST

ID: 0012231
Project: mantisbt
Category: security
View Status: public
Last Update: 2011-08-02 12:35
Reporter: jreese
Assigned To: dhx
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.2
Target Version: 1.2.3
Fixed in Version: 1.2.3
Summary: 0012231: XSS vulnerability when uninstalling maliciously named plugins
Description: Found when investigating Secunia report SA40832. There is an XSS vulnerability when uninstalling plugins that have been maliciously named. Chance of attack is extremely low due to requiring site admin access to both install and uninstall plugins.
Tags: No tags attached.
Attached Files

Relationships
related to 0012230 (closed, dhx): XSS vulnerability when deleting maliciously named categories

Notes

~0026212

dhx (reporter)

Thanks John, all fixed.

Issue History
Date Modified Username Field Change
2010-08-04 09:15 jreese New Issue
2010-08-04 09:15 jreese Status new => assigned
2010-08-04 09:15 jreese Assigned To => dhx
2010-08-04 09:15 jreese Issue generated from: 0012230
2010-08-04 09:15 jreese Relationship added related to 0012230
2010-08-04 09:28 dhx Changeset attached => MantisBT master 2e397700
2010-08-04 09:28 dhx Changeset attached => MantisBT master-1.2.x f60d0cfb
2010-08-04 09:28 dhx Resolution open => fixed
2010-08-04 09:28 dhx Fixed in Version => 1.2.3
2010-08-04 09:29 dhx Note Added: 0026212
2010-08-04 09:29 dhx Status assigned => resolved
2010-08-05 18:37 dhx View Status private => public
2011-08-02 12:35 dregad Status resolved => closed