View Issue Details

IDProjectCategoryView StatusLast Update
0012231mantisbtsecuritypublic2011-08-02 12:35
Reporterjreese 
Assigned Todhx 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.2 
Target Version1.2.3Fixed in Version1.2.3 
Summary0012231: XSS vulnerability when uninstalling maliciously named plugins
Description

Found when investigating Secunia report SA40832. There is an XSS vulnerability when uninstalling plugins that have been maliciously named. Chance of attack is extremely low due to requiring site admin access to both install and uninstall plugins.

TagsNo tags attached.

Relationships

related to 0012230 closed CVE-2010-2574: XSS vulnerability when deleting maliciously named categories 

Activities

dhx

dhx

2010-08-04 09:29

reporter   ~0026212

Thanks John, all fixed.

Related Changesets

MantisBT: master 2e397700

2010-08-04 13:23:48

dhx

Details Diff
Fix 0012231: XSS vulnerability when uninstalling badly named plugins

John Reese discovered an XSS vulnerability with the uninstall
confirmation message shown when plugins are being uninstalled. The
plugin name is not escaped before being outputted and thus HTML unsafe
characters are not sanitised.

This doesn't actually pose a security risk because it requires someone
to:
a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation
mod - manage_plugin_uninstall.php Diff File

MantisBT: master-1.2.x f60d0cfb

2010-08-04 13:23:48

dhx

Details Diff
Fix 0012231: XSS vulnerability when uninstalling badly named plugins

John Reese discovered an XSS vulnerability with the uninstall
confirmation message shown when plugins are being uninstalled. The
plugin name is not escaped before being outputted and thus HTML unsafe
characters are not sanitised.

This doesn't actually pose a security risk because it requires someone
to:
a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation
mod - manage_plugin_uninstall.php Diff File

Issue History

Date Modified Username Field Change
2010-08-04 09:15 jreese New Issue
2010-08-04 09:15 jreese Status new => assigned
2010-08-04 09:15 jreese Assigned To => dhx
2010-08-04 09:15 jreese Issue generated from: 0012230
2010-08-04 09:15 jreese Relationship added related to 0012230
2010-08-04 09:28 dhx Changeset attached => MantisBT master 2e397700
2010-08-04 09:28 dhx Changeset attached => MantisBT master-1.2.x f60d0cfb
2010-08-04 09:28 dhx Resolution open => fixed
2010-08-04 09:28 dhx Fixed in Version => 1.2.3
2010-08-04 09:29 dhx Note Added: 0026212
2010-08-04 09:29 dhx Status assigned => resolved
2010-08-05 18:37 dhx View Status private => public
2011-08-02 12:35 dregad Status resolved => closed