0006556: XSS Vulnerability in manage_user (TKADV2005-11-002) - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0006556	mantisbt	security	public	2006-01-04 22:40	2006-10-09 11:55

Reporter	thraxisp	Assigned To	thraxisp
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	0.19.3
Fixed in Version	0.19.5

Summary	0006556: XSS Vulnerability in manage_user (TKADV2005-11-002)
Description	It is possible to embed an XSS script into the sort field of the manage_user_page. It is then trapped in the use's cookies. From Thomas Waldegger [thomas.waldegger at morph3us dot org] You did not address the "MANTIS_MANAGE_COOKIE" cookie bug (XSS, unexploitable SQL-Injection, temporary defacement), the XSS vulnerabilities in `view_filters_page.php',`proj_doc_delete.php', `query_store_page.php',`query_store.php' and there are still a lot of scripts which do not properly validate user-supplied input. /manage_user_page.php: ?sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&save=1
Tags	No tags attached.

parent of	0006557	closed	thraxisp	XSS Vulnerability in manage_user (TKADV2005-11-002)
parent of	0006558	closed	thraxisp	XSS Vulnerability in manage_user (TKADV2005-11-002)

thraxisp 2006-01-04 22:59 reporter ~0011869	fixed in CVS (0.19.5 stream). manage_user_page.php -> 1.56.4.2 core/database_api.php -> 1.38.4.1