0006563: Port XSS Vulnerability in project documents (TKADV2005-11-002) - MantisBT

Mantis Bug Tracker

View Issue Details [ Jump to Notes ] [ Wiki ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0006563

mantisbt

security

public

2006-01-05 21:21

2006-10-09 11:55

Reporter

thraxisp

Assigned To

thraxisp

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS

OS Version

Product Version

1.0.0rc4

Target Version

Fixed in Version

1.0.0rc5

Summary

0006563: Port XSS Vulnerability in project documents (TKADV2005-11-002)

Description

It is possible to embed an XSS script into the information passed to proj_doc_delete. It is primarily cosmetic.

From Thomas Waldegger [thomas.waldegger at morph3us dot org]

/proj_doc_delete.php:

<?file_id=1&title=%22%3E%3Cscript%3Ealert(document.cookie)%3C/
script%3E>

Tags

No tags attached.

Relationships

child of

closed

XSS Vulnerability in project documents (TKADV2005-11-002)

Notes
(0011875) thraxisp (manager) 2006-01-05 21:31	Fixed in CVS. proj_doc_delete.php -> 1.25.10.1 proj_doc_page.php -> 1.50.6.1

Issue History
Date Modified	Username	Field	Change
2006-01-05 21:21	thraxisp	New Issue
2006-01-05 21:21	thraxisp	Assigned To	=> thraxisp
2006-01-05 21:21	thraxisp	Issue generated from	0006562
2006-01-05 21:21	thraxisp	Relationship added	child of 0006562
2006-01-05 21:31	thraxisp	Status	new => resolved
2006-01-05 21:31	thraxisp	Fixed in Version	=> 1.0.0rc5
2006-01-05 21:31	thraxisp	Resolution	open => fixed
2006-01-05 21:31	thraxisp	Note Added: 0011875
2006-01-17 06:33	vboctor	Status	resolved => closed
2006-10-09 11:55	thraxisp	View Status	private => public

MantisBT 1.2.0rc2 git live[^]

Copyright © 2000 - 2010 MantisBT Group

Time: 0.1960 seconds.
memory usage: 1,800 KB