2014-11-23 05:49 EST

View Issue Details Jump to Notes ] Wiki ] Related Changesets ]
IDProjectCategoryView StatusLast Update
0012238mantisbtsecuritypublic2011-08-02 12:35
Reporterdhx 
Assigned Todhx 
PriorityimmediateSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
Product Version1.2.2 
Target Version1.2.3Fixed in Version1.2.3 
Summary0012238: XSS in print_all_bug_page_word.php when printing project and category names
Descriptionprint_all_bug_page_word.php does not correctly sanitise project and category names. It is thus possible for a malicious user with project manager access permissions (or higher) to redirect users to print_all_bug_page_word.php to execute malicious JavaScript.
TagsNo tags attached.
Attached Files

- Relationships
related to 0012371closedgiallu XSS in print_all_bug_page_word.php when printing project and category names 
+ Relationships

-  Notes
There are no notes attached to this issue.
+  Notes

+ Related Changesets

- Issue History
Date Modified Username Field Change
2010-08-05 04:00 dhx New Issue
2010-08-05 04:00 dhx Status new => assigned
2010-08-05 04:00 dhx Assigned To => dhx
2010-08-05 04:02 dhx Changeset attached => MantisBT master bfc9e9ff
2010-08-05 04:02 dhx Changeset attached => MantisBT master-1.2.x 9fc1dd81
2010-08-05 04:02 dhx Resolution open => fixed
2010-08-05 04:02 dhx Fixed in Version => 1.2.3
2010-08-05 04:02 dhx Status assigned => resolved
2010-08-05 18:37 dhx View Status private => public
2010-09-18 19:25 giallu Issue cloned: 0012371
2010-09-18 19:25 giallu Relationship added related to 0012371
2011-08-02 12:35 dregad Status resolved => closed
+ Issue History