View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006556 | mantisbt | security | public | 2006-01-04 22:40 | 2006-10-09 11:55 |
Reporter | thraxisp | Assigned To | thraxisp | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 0.19.3 | ||||
Fixed in Version | 0.19.5 | ||||
Summary | 0006556: XSS Vulnerability in manage_user (TKADV2005-11-002) | ||||
Description | It is possible to embed an XSS script into the sort field of the manage_user_page. It is then trapped in the user's cookies. From Thomas Waldegger [thomas.waldegger at morph3us dot org]: You did not address the "MANTIS_MANAGE_COOKIE" cookie bug (XSS, /manage_user_page.php: ?sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&save=1 | ||||
Tags | No tags attached. | ||||
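
The following PHP sketch is an added example, not MantisBT's code and not the actual 0.19.5 fix. It shows one way to close this class of bug: allow-list the sort field both when it arrives in the query string and when it is read back from the saved cookie, then escape it on output. The column names, the helper functions and the assumption that the cookie holds only the sort field are all hypothetical.

```php
<?php
// Added example: hypothetical helpers, not MantisBT's actual code.

// Columns the user list may be sorted by (assumed names for illustration).
const ALLOWED_SORT = ['username', 'realname', 'email', 'access_level',
                      'enabled', 'date_created', 'last_visit'];
const DEFAULT_SORT = 'username';

// Return $value only if it is a known column name; otherwise the default.
function sanitize_sort($value): string
{
    return (is_string($value) && in_array($value, ALLOWED_SORT, true))
        ? $value
        : DEFAULT_SORT;
}

// Resolve the sort field from the request, falling back to the saved cookie.
// A cookie is client-controlled, so it passes through the same allow-list.
function resolve_sort(array $get, array $cookie): string
{
    if (isset($get['sort'])) {
        return sanitize_sort($get['sort']);
    }
    // Assumption: the cookie stores just the sort field.
    return sanitize_sort($cookie['MANTIS_MANAGE_COOKIE'] ?? null);
}

// Escape for an HTML attribute context as a second layer of defence.
function render_sort_input(string $sort): string
{
    return '<input type="hidden" name="sort" value="'
        . htmlspecialchars($sort, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample input: the sort value from the report, URL-decoded.
$payload = '"><script>alert(document.cookie)</script>';

// Request path (?sort=...&save=1) and the later cookie read-back path.
$fromQuery  = resolve_sort(['sort' => $payload, 'save' => '1'], []);
$fromCookie = resolve_sort([], ['MANTIS_MANAGE_COOKIE' => $payload]);
$legit      = resolve_sort(['sort' => 'email'], []);

echo render_sort_input($fromQuery), PHP_EOL;
echo render_sort_input($fromCookie), PHP_EOL;
echo render_sort_input($legit), PHP_EOL;
// Output escaping on its own, for comparison with the allow-listed results.
echo render_sort_input($payload), PHP_EOL;
```

Validating on read-back matters because a cookie written before the fix was deployed, or edited by the client, never passes through the request-time check.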