View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0015511 | mantisbt | security | public | 2013-02-15 15:16 | 2014-09-23 18:05 |
Reporter | atrol | Assigned To | atrol | ||
Priority | high | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.14 | ||||
Target Version | 1.2.15 | Fixed in Version | 1.2.15 | ||
Summary | 0015511: CVE-2013-1931: XSS vulnerability when deleting a version | ||||
Description | Script is executed when trying to remove a version having scripting code in the name of the version. | ||||
Steps To Reproduce |
| ||||
Additional Information | The XSS issue does not occur in version 1.3.x using Firefox (IE is affected) | ||||
Tags | No tags attached. | ||||
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
CVE assigned on 06-Apr-2013 [1] [1] http://article.gmane.org/gmane.comp.security.oss.general/9878 |
|
MantisBT: master-1.2.x 8b13da01 2013-02-15 15:15 Details Diff |
Fix 0015511: XSS vulnerability when deleting a version |
Affected Issues 0015511 |
|
mod - manage_proj_ver_delete.php | Diff File | ||
MantisBT: master 44e140e9 2013-02-15 15:21 Details Diff |
Fix 0015511: XSS vulnerability when deleting a version |
Affected Issues 0015511 |
|
mod - manage_proj_ver_delete.php | Diff File |