View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006564 | mantisbt | security | public | 2006-01-05 21:22 | 2006-10-09 11:55 |
Reporter | thraxisp | Assigned To | thraxisp | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | git trunk | ||||
Fixed in Version | 1.1.0a1 | ||||
Summary | 0006564: Port XSS Vulnerability in project documents (TKADV2005-11-002) | ||||
Description | It is possible to embed an XSS script into the information passed to proj_doc_delete. It is primarily cosmetic. From Thomas Waldegger [thomas.waldegger at morph3us dot org] /proj_doc_delete.php: <?file_id=1&title=%22%3E%3Cscript%3Ealert(document.cookie)%3C/ | ||||
Tags | No tags attached. | ||||