View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008977 | mantisbt | security | public | 2008-03-14 21:20 | 2008-08-11 09:42 |
Reporter | thraxisp | Assigned To | thraxisp | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 1.1.1 | ||||
Target Version | 1.2.0a2 | Fixed in Version | 1.2.0a2 | ||
Summary | 0008977: Port 0008974: XSS Vulnerability in filters | ||||
Description | Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis A) XSS Vulnerabilities We have found an XSS vulnerability in return_dynamic_filters.php. In order to exploit this vulnerability the attacker must be authenticated. Usually the anonymous user is allowed on typical installation, so the impact is a bit higher. The following url is a proof of concept: http://www.example.com/mantis/return_dynamic_filters.php?filter_target=<script>alert(document.cookie);</script> | ||||
Tags | No tags attached. | ||||
fixed in svn r5117 |
|
Removing private status, as this is public now as part of CVE-2008-2276. Rad Hat reference: |
|