0012432: XSS issues when viewing Summary page - MantisBT

MantisBT

View Issue Details [ Jump to Notes ] [ Wiki ] [ Related Changesets ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0012432

mantisbt

security

public

2010-10-07 05:46

2011-08-02 12:35

Reporter

giallu

Assigned To

giallu

Priority

high

Severity

major

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS

OS Version

Product Version

1.1.8

Target Version

1.1.9

Fixed in Version

1.1.9

Summary

0012432: XSS issues when viewing Summary page

Description

Scripting code entered in summary field might be executed when displaying Summary page

Steps To Reproduce

1. Enter an issue with scripting code in Summary field
2. View "Summary" page
3. See your code beeing executed if issue is displayed in list of longest open issues

Tags

No tags attached.

Relationships

related to

closed

XSS issues when viewing Summary page

Notes
There are no notes attached to this issue.

Related Changesets
MantisBT: master-1.1.x 78d1449e Timestamp: 2010-10-07 10:31:09 Author: giallu [ Details ] [ Diff ]	Fix 0012432: XSS issues when viewing Summary page Backport of commit c58a678 for bug 12309
	mod - core/summary_api.php		[ Diff ] [ File ]

Issue History
Date Modified	Username	Field	Change
2010-10-07 05:46	giallu	New Issue
2010-10-07 05:46	giallu	Status	new => assigned
2010-10-07 05:46	giallu	Assigned To	=> dhx
2010-10-07 05:46	giallu	Issue generated from: 0012309
2010-10-07 05:46	giallu	Relationship added	related to 0012309
2010-10-07 05:46	giallu	Assigned To	dhx => giallu
2010-10-07 06:34	giallu	Changeset attached	=> MantisBT master-1.1.x 78d1449e
2010-10-07 06:34	giallu	Resolution	open => fixed
2010-10-08 23:58	dhx	Status	assigned => resolved
2010-10-08 23:58	dhx	Fixed in Version	=> 1.1.9
2011-08-02 12:35	dregad	Status	resolved => closed

MantisBT 1.2.16dev master-1.2.x-8c2bd07 [^]

Copyright © 2000 - 2013 MantisBT Team

Time: 0.1161 seconds.
memory usage: 2,785 KB