View Issue Details

ID: 0004276
Project: mantisbt
Category: security
View Status: public
Last Update: 2006-10-09 11:54
Reporter: grangeway
Assigned To: jlatour
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 0.19.0rc1
Summary: 0004276: cross site scripting issue
Description

/documentation_page.php?=<script>alert()</script>

Tags: No tags attached.

Relationships

child of 0003987, closed, vboctor, Mantis 0.19.0 Release

Activities

jlatour

2004-08-05 12:46

reporter   ~0006661

This is caused by phpinfo() showing the query string in its output. I guess we'll just have to remove the phpinfo() call?
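
The comment above attributes the issue to phpinfo() echoing the query string. As an added example (not MantisBT's code, and not necessarily what either changeset did), a diagnostics page can print a fixed set of values itself and HTML-escape each one; the function names and the chosen fields are assumptions.

```php
<?php
// Added example, not MantisBT code. Names and chosen fields are assumptions.

/** Escape a value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render server diagnostics from a fixed allowlist instead of phpinfo().
 * The query string is shown only to demonstrate that request data is
 * escaped before it reaches the page; a real page could simply omit it.
 */
function render_diagnostics(array $server): string
{
    $rows = [
        'PHP version'  => PHP_VERSION,
        'Server API'   => PHP_SAPI,
        'OS'           => PHP_OS,
        'memory_limit' => (string) ini_get('memory_limit'),
        'Extensions'   => implode(', ', get_loaded_extensions()),
        'Query string' => (string) ($server['QUERY_STRING'] ?? ''),
    ];

    $html = "<table>\n";
    foreach ($rows as $label => $value) {
        $html .= '<tr><th>' . h($label) . '</th><td>' . h($value) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed request data: the query string from the report above.
$server = ['QUERY_STRING' => '=<script>alert()</script>'];
$page = render_diagnostics($server);

// Fail loudly if raw markup from the request survived escaping.
if (strpos($page, '<script>') !== false) {
    throw new RuntimeException('unescaped request data in output');
}
echo $page;
```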

Related Changesets

MantisBT: master b65a0b4c

2004-08-08 09:38

Paul Richards


Fix 4276 by removing phpinfo

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@2826 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0004276
mod - core/html_api.php

MantisBT: master 0d9faa1d

2004-08-08 09:49

Paul Richards


Fix 4276: We'll do this instead

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@2828 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0004276
mod - documentation_page.php