Relationship Graph

View IssueDependency GraphShow Summary
Relationship Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0006563mantisbtsecuritypublic2006-01-05 21:212006-10-09 11:55
Reporterthraxisp Assigned Tothraxisp  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.0.0rc4 
Fixed in Version1.0.0rc5 
Summary0006563: Port XSS Vulnerability in project documents (TKADV2005-11-002)
Description

It is possible to embed an XSS script into the information passed to proj_doc_delete. It is primarily cosmetic.

From Thomas Waldegger [thomas.waldegger at morph3us dot org]

/proj_doc_delete.php:

<?file_id=1&title=%22%3E%3Cscript%3Ealert(document.cookie)%3C/
script%3E>

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
child of 0006562 closedthraxisp XSS Vulnerability in project documents (TKADV2005-11-002) 

Activities

thraxisp

thraxisp

2006-01-05 21:31

reporter   ~0011875

Fixed in CVS.

proj_doc_delete.php -> 1.25.10.1
proj_doc_page.php -> 1.50.6.1