View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012474 | mantisbt | security | public | 2010-10-22 06:26 | 2010-12-17 04:40 |
Reporter | dhx | Assigned To | dhx | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.4 | ||||
Target Version | 1.2.4 | Fixed in Version | 1.2.4 | ||
Summary | 0012474: bug_report XSS issue when report_stay=1 | ||||
Description | The "report stay" feature of the bug report page allows the user to remain on the bug report page after submitting a report. After submission a new bug_report page is opened and is prefilled with data from the bug report just completed. The problem is that the hidden input fields are not properly escaped. This is not really a security issue as you need a valid one time CSRF token to access bug_report.php anyhow. It's more a case of users experiencing broken page output when they submit bug reports containing HTML characters (using the report stay feature). | ||||
Tags | No tags attached. | ||||
MantisBT: master c8961258 2010-10-22 06:24 Details Diff |
Fix 0012474: bug_report XSS issue when report_stay=1 The "report stay" feature of the bug report page allows the user to remain on the bug report page after submitting a report. After submission a new bug_report page is opened and is prefilled with data from the bug report just completed. The problem is that the hidden input fields are not properly escaped. This is not really a security issue as you need a valid one time CSRF token to access bug_report.php anyhow. It's more a case of users experiencing broken page output when they submit bug reports containing HTML characters (using the report stay feature). |
Affected Issues 0012474 |
|
mod - bug_report.php | Diff File | ||
MantisBT: master-1.2.x da681451 2010-10-22 06:24 Details Diff |
Fix 0012474: bug_report XSS issue when report_stay=1 The "report stay" feature of the bug report page allows the user to remain on the bug report page after submitting a report. After submission a new bug_report page is opened and is prefilled with data from the bug report just completed. The problem is that the hidden input fields are not properly escaped. This is not really a security issue as you need a valid one time CSRF token to access bug_report.php anyhow. It's more a case of users experiencing broken page output when they submit bug reports containing HTML characters (using the report stay feature). |
Affected Issues 0012474 |
|
mod - bug_report.php | Diff File |