View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0006485mantisbtsecuritypublic2005-12-09 21:282006-10-09 11:55
Reporterthraxisp Assigned Tothraxisp  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.0.0rc3 
Fixed in Version1.0.0rc4 
Summary0006485: XSS Vulnerability in filters (TKADV2005-11-002)
Description

[4] Cross Site Scripting

Possible damage: Medium
Probability of occurrence: Low
Resulting threat: Low

HTTP method: GET

Vulnerability description:

The "view_type" parameter is prone to cross-site scripting attacks. 
This could permit remote attackers to create a malicious link to a 
vulnerable PHP script that includes hostile client-side script code 
or HTML. If this link is visited, the attacker-supplied code may be 
rendered in the browser of the user who visit the malicious link.

Proof of Concept:

[path_to_mantis]/view_filters_page.php?target_field=reporter_id[]&
view_type="><script>alert(document.cookie)</script>

[5] Cross Site Scripting

Possible damage: Medium
Probability of occurrence: Low
Resulting threat: Low

HTTP method: GET

Vulnerability description:

The "target_field" parameter is prone to cross-site scripting

attacks.
This could permit remote attackers to create a malicious link to a
vulnerable PHP script that includes hostile client-side script code
or HTML. If this link is visited, the attacker-supplied code may be
rendered in the browser of the user who visit the malicious link.

Proof of Concept:

[path_to_mantis]/view_filters_page.php?target_field=
"><script>alert(document.cookie)</script>

TagsNo tags attached.

Relationships

parent of 0006486 closedthraxisp Port XSS Vulnerability in filters (TKADV2005-11-002) 
parent of 0006487 closedthraxisp Port XSS Vulnerability in filters (TKADV2005-11-002) 

Activities

thraxisp

thraxisp

2005-12-09 22:03

reporter   ~0011768

Fixed in CVS

view_all_set.php -> 1.57.4.1
view_filters_page.php -> 1.38.6.2