Search found 5 matches

by tuanklnew
29 Jan 2018, 01:57
Forum: General Discussion
Topic: Cross-site scripting on Mantis Bug Tracker v2.10
Replies: 1
Views: 2253

Cross-site scripting on Mantis Bug Tracker v2.10

Yesterday I accidentally found security vulnerability - Cross-site scripting on Mantis Bug Tracker. In more detail, I used Burpsuite to modify POST parameter to adm_config_report.php. Parameter named "value" with element: fixed_in_version, project_id, id are effected. I inserted </textarea...
by tuanklnew
12 Jan 2018, 10:53
Forum: General Discussion
Topic: [Soap_api] mc_issue_add custom fields problem
Replies: 4
Views: 3760

Re: [Soap_api] mc_issue_add custom fields problem

atrol wrote:Please create a bug report for it https://www.mantisbt.org/bugs
I reported bug. But it seems this bug existed from Mantis BT 2.9.0 and my report is duplicated. Unfortunately this bug is still not fixed.
by tuanklnew
12 Jan 2018, 07:36
Forum: General Discussion
Topic: SOAP API access deny even using administrator account
Replies: 3
Views: 3944

Re: SOAP API access deny even using administrator account

Thank for replying. I found out that is my mistake. I print out xml and there is incorrect account.
by tuanklnew
12 Jan 2018, 04:15
Forum: General Discussion
Topic: [Soap_api] mc_issue_add custom fields problem
Replies: 4
Views: 3760

[Soap_api] mc_issue_add custom fields problem

Hello everyone, I am working on MantisBT client by using Zeep of Python 3 that connect to Soap api of Mantis. On Mantis 2.8, my program call mc_issue_add with no error. Unfortunally, When I upgrade to Mantis 2.10 my program does not work anymore but show error: zeep.exceptions.Fault: Cannot use obje...
by tuanklnew
28 Nov 2017, 03:23
Forum: General Discussion
Topic: SOAP API access deny even using administrator account
Replies: 3
Views: 3944

SOAP API access deny even using administrator account

Hello everyone, I am working on SOAP client which base on python3 Zeep . I used administrator account to retreived project information in Mantin by calling mc_project_get_all_subprojects and unfortunately it returned "Access denied" . I think that maybe there have some config option in con...