View Issue Details

ID: 0012369
Project: mantisbt
Category: security
View Status: public
Last Update: 2015-03-15 20:18
Reporter: giallu
Assigned To: giallu
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.1.8
Fixed in Version: 1.1.x
Summary: 0012369: CVE-2010-2574: XSS vulnerability when deleting maliciously named categories
Description

As reported by Secunia, SA40832, there is an XSS vulnerability when deleting categories that have been maliciously named. Chance of attack is extremely low due to requiring project manager access.

This is CVE-2010-2574.

Additional Information

Official Secunia announcement: http://secunia.com/advisories/40832/

Tags: No tags attached.

Relationships

related to 0012230 closed CVE-2010-2574: XSS vulnerability when deleting maliciously named categories 

Activities

oberger

2010-09-20 03:52

reporter   ~0026794

Am I right in thinking this is the very same as 0012230, but backported to the 1.1.x branch?

dregad

2015-03-15 20:18

developer   ~0049239

Removed target version to avoid displaying something on the roadmap for a release that will never exist.

Related Changesets

MantisBT: master-1.1.x 8f1ebac6

2010-09-18 17:29

giallu


Fix 0012369: XSS vulnerability when deleting maliciously named categories

Backport of commit 083c34f06ca927b16e781bae3ae324f450c35ea4

Affected Issues: 0012369
mod - manage_proj_cat_delete.php