Search found 5 matches
- 29 Jan 2018, 01:57
- Forum: General Discussion
- Topic: Cross-site scripting on Mantis Bug Tracker v2.10
- Replies: 1
- Views: 2272
Cross-site scripting on Mantis Bug Tracker v2.10
Yesterday I accidentally found security vulnerability - Cross-site scripting on Mantis Bug Tracker. In more detail, I used Burpsuite to modify POST parameter to adm_config_report.php. Parameter named "value" with element: fixed_in_version, project_id, id are effected. I inserted </textarea...
- 12 Jan 2018, 10:53
- Forum: General Discussion
- Topic: [Soap_api] mc_issue_add custom fields problem
- Replies: 4
- Views: 3851
Re: [Soap_api] mc_issue_add custom fields problem
I reported bug. But it seems this bug existed from Mantis BT 2.9.0 and my report is duplicated. Unfortunately this bug is still not fixed.atrol wrote:Please create a bug report for it https://www.mantisbt.org/bugs
- 12 Jan 2018, 07:36
- Forum: General Discussion
- Topic: SOAP API access deny even using administrator account
- Replies: 3
- Views: 4004
Re: SOAP API access deny even using administrator account
Thank for replying. I found out that is my mistake. I print out xml and there is incorrect account.
- 12 Jan 2018, 04:15
- Forum: General Discussion
- Topic: [Soap_api] mc_issue_add custom fields problem
- Replies: 4
- Views: 3851
[Soap_api] mc_issue_add custom fields problem
Hello everyone, I am working on MantisBT client by using Zeep of Python 3 that connect to Soap api of Mantis. On Mantis 2.8, my program call mc_issue_add with no error. Unfortunally, When I upgrade to Mantis 2.10 my program does not work anymore but show error: zeep.exceptions.Fault: Cannot use obje...
- 28 Nov 2017, 03:23
- Forum: General Discussion
- Topic: SOAP API access deny even using administrator account
- Replies: 3
- Views: 4004
SOAP API access deny even using administrator account
Hello everyone, I am working on SOAP client which base on python3 Zeep . I used administrator account to retreived project information in Mantin by calling mc_project_get_all_subprojects and unfortunately it returned "Access denied" . I think that maybe there have some config option in con...