2014-11-25 21:47 EST

ID: 0016513
Project: mantisbt
Category: security
View Status: public
Last Update: 2014-02-07 18:24
Reporter: atrol
Assigned To: atrol
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.15
Target Version: 1.2.16
Fixed in Version: 1.2.16
Summary: 0016513: CVE-2013-4460: XSS in account_sponsor_page.php project names
Description: account_sponsor_page.php does not correctly sanitise project names.
It is thus possible for a malicious user with project manager access permissions (or higher) to let users execute malicious JavaScript when visiting account_sponsor_page.php.
Tags: No tags attached.
Attached Files

- Relationships

-  Notes

~0038323

dregad (developer)

Security issues should be backported to 1.2

~0038408

dregad (developer)

CVE assigned http://thread.gmane.org/gmane.comp.security.oss.general/11351/focus=11367

- Issue History
Date Modified Username Field Change
2013-10-19 14:35 atrol New Issue
2013-10-19 14:35 atrol Status new => assigned
2013-10-19 14:35 atrol Assigned To => atrol
2013-10-19 14:37 atrol Changeset attached => MantisBT master 0002d106
2013-10-19 14:37 atrol Status assigned => resolved
2013-10-19 14:37 atrol Resolution open => fixed
2013-10-19 14:37 atrol Fixed in Version => 1.3.0dev
2013-10-19 14:37 atrol Fixed in Version 1.3.0dev => 1.3.x
2013-10-21 17:57 dregad Note Added: 0038323
2013-10-21 18:02 dregad Changeset attached => MantisBT master-1.2.x ad929d48
2013-10-21 18:21 atrol Fixed in Version 1.3.x => 1.2.16
2013-10-21 18:21 atrol Target Version 1.3.x => 1.2.16
2013-10-31 19:51 dregad Note Added: 0038408
2013-10-31 19:51 dregad Summary XSS in account_sponsor_page.php project names => CVE-2013-4460: XSS in account_sponsor_page.php project names
2014-02-07 18:24 dregad Status resolved => closed