0024813: CVE-2018-17782: XSS in manage_filter_page.php - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update
0024813	mantisbt	security	public	2018-09-29 04:54	2018-10-27 16:21

Reporter	atrol	Assigned To	atrol
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	2.1.0
Target Version	2.17.2	Fixed in Version	2.17.2

Summary	0024813: CVE-2018-17782: XSS in manage_filter_page.php
Description	Project Name is printed on manage_filter_page.php without being sanitized.
Tags	No tags attached.
Attached Files	24813-XSS-manage_filter_page.patch (1,359 bytes) From a8f460b4d5d171ea1b0cc5a32ecfeb0ecbf9fcf9 Mon Sep 17 00:00:00 2001 From: Roland Becker <roland@atrol.de> Date: Sat, 29 Sep 2018 11:19:07 +0200 Subject: [PATCH] Fix XSS in manage_filter_page.php Fixes #24813 --- manage_filter_page.php \| 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manage_filter_page.php b/manage_filter_page.php index f215741f8..4732a579a 100644 --- a/manage_filter_page.php +++ b/manage_filter_page.php @@ -103,7 +103,7 @@ function table_print_filter_row( $p_filter_id ) { echo '</td>'; } # Project - echo '<td>' . project_get_name( filter_get_field( $p_filter_id, 'project_id' )) . '</td>'; + echo '<td>' . string_display_line( project_get_name( filter_get_field( $p_filter_id, 'project_id' ) ) ) . '</td>'; # Public echo '<td class="center">' . trans_bool( filter_get_field( $p_filter_id, 'is_public' ) ) . '</td>'; # Owner @@ -152,7 +152,7 @@ function table_print_filters( array $p_filter_array ) { <div class="widget-header widget-header-small"> <h4 class="widget-title lighter"> <i class="ace-icon fa fa-filter"></i> - <?php echo lang_get('available_filter_for_project') . ': ' . project_get_name( $t_project_id ) ?> + <?php echo lang_get('available_filter_for_project') . ': ' . string_display_line( project_get_name( $t_project_id ) ) ?> </h4> </div> -- 2.19.0 24813-XSS-manage_filter_page.patch (1,359 bytes)

atrol 2018-09-29 12:11 developer ~0060701	CVE Request 577429 sent to MITRE

atrol 2018-09-29 15:33 developer ~0060703	CVE-2018-17782 assigned

vboctor 2018-09-29 18:23 manager ~0060705	Looks good to me.

dregad 2018-09-30 07:03 developer ~0060710	I'm OK with the patch for both 0024813 and 0024814, I confirm it addresses the vulnerability. @atrol, thanks for going through the whole process including CVE request. As a side note, a single CVE ID for both issues would probably have been sufficient in this case, as it's the same error on both pages.