0006564: Port XSS Vulnerability in project documents (TKADV2005-11-002) - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0006564	mantisbt	security	public	2006-01-05 21:22	2006-10-09 11:55

Reporter	thraxisp	Assigned To	thraxisp
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	git trunk
Fixed in Version	1.1.0a1

Summary	0006564: Port XSS Vulnerability in project documents (TKADV2005-11-002)
Description	It is possible to embed an XSS script into the information passed to proj_doc_delete. It is primarily cosmetic. From Thomas Waldegger [thomas.waldegger at morph3us dot org] /proj_doc_delete.php: <?file_id=1&title=%22%3E%3Cscript%3Ealert(document.cookie)%3C/ script%3E>
Tags	No tags attached.

thraxisp 2006-01-05 21:25 reporter ~0011874	Fixed in CVS. proj_doc_delete.php -> 1.26 proj_doc_page.php -> 1.51