View Issue Details

IDProjectCategoryView StatusLast Update
0012238mantisbtsecuritypublic2011-08-02 12:35
Reporterdhx 
Assigned Todhx 
PriorityimmediateSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.2 
Target Version1.2.3Fixed in Version1.2.3 
Summary0012238: XSS in print_all_bug_page_word.php when printing project and category names
Description

print_all_bug_page_word.php does not correctly sanitise project and category names. It is thus possible for a malicious user with project manager access permissions (or higher) to redirect users to print_all_bug_page_word.php to execute malicious JavaScript.

TagsNo tags attached.

Relationships

related to 0012371 closedgiallu XSS in print_all_bug_page_word.php when printing project and category names 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master bfc9e9ff

2010-08-05 08:00:45

dhx

Details Diff
Fix 0012238: XSS in print_all_bug_page_word.php project/category names

print_all_bug_page_word.php does not correctly sanitise project and
category names. It is thus possible for a malicious user with project
manager access permissions (or higher) to redirect users to
print_all_bug_page_word.php to execute malicious JavaScript.
mod - print_all_bug_page_word.php Diff File

MantisBT: master-1.2.x 9fc1dd81

2010-08-05 08:00:45

dhx

Details Diff
Fix 0012238: XSS in print_all_bug_page_word.php project/category names

print_all_bug_page_word.php does not correctly sanitise project and
category names. It is thus possible for a malicious user with project
manager access permissions (or higher) to redirect users to
print_all_bug_page_word.php to execute malicious JavaScript.
mod - print_all_bug_page_word.php Diff File

Issue History

Date Modified Username Field Change
2010-08-05 04:00 dhx New Issue
2010-08-05 04:00 dhx Status new => assigned
2010-08-05 04:00 dhx Assigned To => dhx
2010-08-05 04:02 dhx Changeset attached => MantisBT master bfc9e9ff
2010-08-05 04:02 dhx Changeset attached => MantisBT master-1.2.x 9fc1dd81
2010-08-05 04:02 dhx Resolution open => fixed
2010-08-05 04:02 dhx Fixed in Version => 1.2.3
2010-08-05 04:02 dhx Status assigned => resolved
2010-08-05 18:37 dhx View Status private => public
2010-09-18 19:25 giallu Issue cloned: 0012371
2010-09-18 19:25 giallu Relationship added related to 0012371
2011-08-02 12:35 dregad Status resolved => closed