View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0019493 | mantisbt | security | public | 2015-03-12 22:25 | 2015-03-27 04:41 |
Reporter | TWSpiders | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.1.0a4 | ||||
Fixed in Version | 1.2.19 | ||||
Summary | 0019493: CVE-2014-9701: XSS vulnerability in permalink_page.php | ||||
Description | This issue was previously reported in 0019384. However, it was advised to create a new issue for requesting a CVE number. Mantis 1.2.18 and prior are vulnerable to a XSS vulnerability in the 'permalink_page.php' page | ||||
Steps To Reproduce | Finding 1: Cross-Site Scripting Vulnerability in 'permalink_page.php' page #Request: | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
For the record, this specific XSS issue on permalink_page.php was previously reported by grangeway in 0017362:0040613 (the follow-up took place off-line via e-mail/IRC), so if any credit is to be given for this discovery, it would go to him. |
|
See also http://thread.gmane.org/gmane.comp.security.oss.general/14977/focus=15022 |
|
CVE request http://thread.gmane.org/gmane.comp.security.oss.general/16119 |
|
This is requested for tracking purposes only. Thank you. |
|