| Field | Value |
|---|---|
| ID | 0012231 |
| Project | mantisbt |
| Category | security |
| View Status | public |
| Date Submitted | 2010-08-04 09:15 |
| Last Update | 2011-08-02 12:35 |
| Reporter | jreese |
| Assigned To | dhx |
| Priority | normal |
| Severity | minor |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Platform | |
| OS | |
| OS Version | |
| Product Version | 1.2.2 |
| Target Version | 1.2.3 |
| Fixed in Version | 1.2.3 |
| Summary | 0012231: XSS vulnerability when uninstalling maliciously named plugins |
| Description | Found when investigating Secunia report SA40832. There is an XSS vulnerability when uninstalling plugins that have been maliciously named. Chance of attack is extremely low due to requiring site admin access to both install and uninstall plugins. |
| Tags | No tags attached. |
| Attached Files | |
Relationships

Related Changesets
MantisBT: master 2e397700
Timestamp: 2010-08-04 13:23:48, Author: dhx

Fix 0012231: XSS vulnerability when uninstalling badly named plugins

John Reese discovered an XSS vulnerability with the uninstall confirmation message shown when plugins are being uninstalled. The plugin name is not escaped before being outputted and thus HTML unsafe characters are not sanitised. This doesn't actually pose a security risk because it requires someone to:

a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation

mod - manage_plugin_uninstall.php
MantisBT: master-1.2.x f60d0cfb
Timestamp: 2010-08-04 13:23:48, Author: dhx

Fix 0012231: XSS vulnerability when uninstalling badly named plugins

John Reese discovered an XSS vulnerability with the uninstall confirmation message shown when plugins are being uninstalled. The plugin name is not escaped before being outputted and thus HTML unsafe characters are not sanitised. This doesn't actually pose a security risk because it requires someone to:

a) Have access to the server to rename a plugin in the PHP files
b) Have administrator access to the MantisBT installation

mod - manage_plugin_uninstall.php
Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-08-04 09:15 | jreese | New Issue | |
| 2010-08-04 09:15 | jreese | Status | new => assigned |
| 2010-08-04 09:15 | jreese | Assigned To | => dhx |
| 2010-08-04 09:15 | jreese | Issue generated from: 0012230 | |
| 2010-08-04 09:15 | jreese | Relationship added | related to 0012230 |
| 2010-08-04 09:28 | dhx | Changeset attached | => MantisBT master 2e397700 |
| 2010-08-04 09:28 | dhx | Changeset attached | => MantisBT master-1.2.x f60d0cfb |
| 2010-08-04 09:28 | dhx | Resolution | open => fixed |
| 2010-08-04 09:28 | dhx | Fixed in Version | => 1.2.3 |
| 2010-08-04 09:29 | dhx | Note Added: 0026212 | |
| 2010-08-04 09:29 | dhx | Status | assigned => resolved |
| 2010-08-05 18:37 | dhx | View Status | private => public |
| 2011-08-02 12:35 | dregad | Status | resolved => closed |
MantisBT 1.2.16dev master-1.2.x-05091f5
Copyright © 2000 - 2013 MantisBT Team