MantisBT

View Issue Details
ID: 0012238
Project: mantisbt
Category: security
View Status: public
Date Submitted: 2010-08-05 04:00
Last Update: 2011-08-02 12:35
Reporter: dhx
Assigned To: dhx
Priority: immediate
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.2.2
Target Version: 1.2.3
Fixed in Version: 1.2.3
Summary: 0012238: XSS in print_all_bug_page_word.php when printing project and category names
Description: print_all_bug_page_word.php does not correctly sanitise project and category names. It is thus possible for a malicious user with project manager access permissions (or higher) to redirect users to print_all_bug_page_word.php to execute malicious JavaScript.
Tags: No tags attached.
Attached Files:

- Relationships
related to 0012371 (closed, giallu): XSS in print_all_bug_page_word.php when printing project and category names

- Notes
There are no notes attached to this issue.

- Related Changesets
MantisBT: master bfc9e9ff
Timestamp: 2010-08-05 08:00:45
Author: dhx
Fix 0012238: XSS in print_all_bug_page_word.php project/category names

print_all_bug_page_word.php does not correctly sanitise project and
category names. It is thus possible for a malicious user with project
manager access permissions (or higher) to redirect users to
print_all_bug_page_word.php to execute malicious JavaScript.
mod - print_all_bug_page_word.php
MantisBT: master-1.2.x 9fc1dd81
Timestamp: 2010-08-05 08:00:45
Author: dhx
Fix 0012238: XSS in print_all_bug_page_word.php project/category names

print_all_bug_page_word.php does not correctly sanitise project and
category names. It is thus possible for a malicious user with project
manager access permissions (or higher) to redirect users to
print_all_bug_page_word.php to execute malicious JavaScript.
mod - print_all_bug_page_word.php

- Issue History
Date Modified Username Field Change
2010-08-05 04:00 dhx New Issue
2010-08-05 04:00 dhx Status new => assigned
2010-08-05 04:00 dhx Assigned To => dhx
2010-08-05 04:02 dhx Changeset attached => MantisBT master bfc9e9ff
2010-08-05 04:02 dhx Changeset attached => MantisBT master-1.2.x 9fc1dd81
2010-08-05 04:02 dhx Resolution open => fixed
2010-08-05 04:02 dhx Fixed in Version => 1.2.3
2010-08-05 04:02 dhx Status assigned => resolved
2010-08-05 18:37 dhx View Status private => public
2010-09-18 19:25 giallu Issue cloned: 0012371
2010-09-18 19:25 giallu Relationship added related to 0012371
2011-08-02 12:35 dregad Status resolved => closed

