View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005751 | mantisbt | security | public | 2005-06-08 18:36 | 2005-07-23 02:26 |
Field | Value |
---|---|
Reporter | spud |
Assigned To | thraxisp |
Priority | normal |
Severity | minor |
Reproducibility | always |
Status | closed |
Resolution | fixed |
Product Version | 1.0.0a3 |
Fixed in Version | 1.0.0rc1 |
Summary | 0005751: Javascript XSS vulnerability |

Description:

I had a user create an "issue" that contained only this: `<script>alert("your bug tracking is vulnearble to xss");</script>`

For the most part, the hack is rendered ineffective, which is nice. However, upon attempting to delete this bogus entry, I clicked the "Delete Issue" button, which started to load bug_actiongroup_page.php. Just before the page finished loading, what happened? I got a javascript alert that said "your bug tracking is vulnearble to xss"! So indeed it is...at least if you try to delete it! I left it up, so you can see the bogus entry as-is: http://bugs.dadaimc.org/view.php?id=160

Additional Information:

PS: Sorry for the dupe of the custom field bug earlier! I didn't look hard enough for it before submitting. The CVS patch works great!

Tags: No tags attached.
Relationship | Issue | Status | Assigned To | Summary |
---|---|---|---|---|
has duplicate | 0005748 | closed | vboctor | Javascript XSS vulnerability |
has duplicate | 0005750 | closed | vboctor | Javascript XSS vulnerability |
has duplicate | 0005749 | closed | vboctor | Javascript XSS vulnerability |
has duplicate | 0006002 | closed | thraxisp | Cross Site Scripting Vulnerability when deleting a bug |
child of | 0005460 | closed | vboctor | Critical Issues to Fix for Mantis 1.0.0 Release |
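The report's point is that the stored summary was encoded on the view page but not on the bulk-action confirmation page, so one forgotten sink was enough. The following is an added example, not MantisBT code: two constructed stand-in renderers for those pages plus a canary check that renders a script-only summary through every page and names the sinks where it survives unencoded. The renderer names, the canary string and the `unescaped_sinks` helper are assumptions made for illustration.

```python
import html
import re

# Constructed canary, modelled on the reporter's entry: a summary that is
# nothing but a script element. (Assumption: any sink that emits it raw is a bug.)
CANARY = '<script>alert("xss");</script>'


def render_view_page(summary: str) -> str:
    """Stand-in for the issue view page: summary is HTML-encoded before output."""
    return f"<td>{html.escape(summary, quote=True)}</td>"


def render_actiongroup_page_vulnerable(summary: str) -> str:
    """Stand-in for the delete-confirmation page as the report describes it:
    the stored summary is interpolated raw, so the script element is live."""
    return f"<p>Delete issue: {summary}?</p>"


def render_actiongroup_page_fixed(summary: str) -> str:
    """The same page with output encoding applied at this sink as well."""
    return f"<p>Delete issue: {html.escape(summary, quote=True)}?</p>"


# A live script element starts with a literal '<script'; an encoded one
# starts with '&lt;script' and never matches.
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def unescaped_sinks(renderers: dict) -> list:
    """Render the canary through every page renderer and return the names of
    those whose output still contains a live <script> element."""
    return [name for name, render in renderers.items()
            if SCRIPT_TAG.search(render(CANARY))]


if __name__ == "__main__":
    before = {"view.php": render_view_page,
              "bug_actiongroup_page.php": render_actiongroup_page_vulnerable}
    after = {"view.php": render_view_page,
             "bug_actiongroup_page.php": render_actiongroup_page_fixed}
    print("unencoded sinks before fix:", unescaped_sinks(before))
    print("unencoded sinks after fix: ", unescaped_sinks(after))
```

Running the canary through every template that displays a summary, rather than only the main view page, is what catches the secondary page the reporter stumbled on.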