Search found 5 matches

by tuanklnew
Jan 28, 2018 8:57 pm
Forum: General Discussion
Topic: Cross-site scripting on Mantis Bug Tracker v2.10
Replies: 1
Views: 516

Cross-site scripting on Mantis Bug Tracker v2.10

Yesterday I accidentally found security vulnerability - Cross-site scripting on Mantis Bug Tracker. In more detail, I used Burpsuite to modify POST parameter to adm_config_report.php. Parameter named "value" with element: fixed_in_version, project_id, id are effected. I inserted </textarea><iframe s...
by tuanklnew
Jan 12, 2018 5:53 am
Forum: General Discussion
Topic: [Soap_api] mc_issue_add custom fields problem
Replies: 4
Views: 878

Re: [Soap_api] mc_issue_add custom fields problem

atrol wrote:Please create a bug report for it https://www.mantisbt.org/bugs
I reported bug. But it seems this bug existed from Mantis BT 2.9.0 and my report is duplicated. Unfortunately this bug is still not fixed.
by tuanklnew
Jan 12, 2018 2:36 am
Forum: General Discussion
Topic: SOAP API access deny even using administrator account
Replies: 3
Views: 1111

Re: SOAP API access deny even using administrator account

Thank for replying. I found out that is my mistake. I print out xml and there is incorrect account.
by tuanklnew
Jan 11, 2018 11:15 pm
Forum: General Discussion
Topic: [Soap_api] mc_issue_add custom fields problem
Replies: 4
Views: 878

[Soap_api] mc_issue_add custom fields problem

Hello everyone, I am working on MantisBT client by using Zeep of Python 3 that connect to Soap api of Mantis. On Mantis 2.8, my program call mc_issue_add with no error. Unfortunally, When I upgrade to Mantis 2.10 my program does not work anymore but show error: zeep.exceptions.Fault: Cannot use obje...
by tuanklnew
Nov 27, 2017 10:23 pm
Forum: General Discussion
Topic: SOAP API access deny even using administrator account
Replies: 3
Views: 1111

SOAP API access deny even using administrator account

Hello everyone, I am working on SOAP client which base on python3 Zeep . I used administrator account to retreived project information in Mantin by calling mc_project_get_all_subprojects and unfortunately it returned "Access denied" . I think that maybe there have some config option in config_inc.ph...