View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017876 | mantisbt | security | public | 2014-11-14 19:32 | 2014-12-05 18:33 |
Reporter | avlidienbrunn | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.17 | ||||
Target Version | 1.2.18 | Fixed in Version | 1.2.18 | ||
Summary | 0017876: CVE-2014-9281: Reflected XSS in admin panel / copy_field.php | ||||
Description | PoC: `[MantisBT]/admin/copy_field.php?source_id=1&dest_id=<script>alert(1)</script>` | ||||
Additional Information | Originally reported under point 5. in 0017362 | ||||
Tags | No tags attached. | ||||
Edited description: the original report referenced test_langs.php, but that page does not use any parameters.

CVE request sent http://thread.gmane.org/gmane.comp.security.oss.general/14956

Comment from MITRE: Issues 0017876 and 0017874 are MERGED into the same CVE ID because they are the

MITRE changed the CVE ID following grangeway's comment

MantisBT: master-1.2.x e5fc835a 2014-10-30 15:29 Paul Richards Committer: dregad

Fix 0017876: XSS in copy_field.php

This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1].

[1] http://www.offensive-security.com/bug-bounty-program/

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Affected Issues 0017876

mod - admin/copy_field.php