View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0024814 | mantisbt | security | public | 2018-09-29 04:58 | 2018-10-27 16:22 |
Reporter | atrol | Assigned To | atrol | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.1.0 | ||||
Target Version | 2.17.2 | Fixed in Version | 2.17.2 | ||
Summary | 0024814: CVE-2018-17783: XSS in manage_filter_edit_page.php | ||||
Description | Project Name is printed on manage_filter_edit_page.php without being sanitized. | ||||
Tags | No tags attached. | ||||
Attached Files | 24814-XSS-manage_filter_edit_page.patch (1,786 bytes)
From 2fa781fa93c52f854f88e0a0123da13e94528473 Mon Sep 17 00:00:00 2001 From: Roland Becker <roland@atrol.de> Date: Sat, 29 Sep 2018 11:33:47 +0200 Subject: [PATCH] Fix XSS in manage_filter_edit_page Fixes #24814 --- manage_filter_edit_page.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manage_filter_edit_page.php b/manage_filter_edit_page.php index 9478d059c..ddb6fddb8 100644 --- a/manage_filter_edit_page.php +++ b/manage_filter_edit_page.php @@ -185,14 +185,14 @@ $t_filter_project_id = filter_get_field( $f_filter_id, 'project_id' ); <?php if( ALL_PROJECTS != $t_filter_project_id ) { ?> <label> <input type="radio" class="ace input-sm" name="filter_project_id" value="<?php echo $t_filter_project_id ?>" <?php check_checked( ALL_PROJECTS != $t_filter_project_id ) ?>> - <span class="lbl padding-6"><?php echo lang_get( 'stored_project' ) . ' (' . project_get_name( $t_filter_project_id ) . ')' ?></span> + <span class="lbl padding-6"><?php echo lang_get( 'stored_project' ) . ' (' . string_display_line( project_get_name( $t_filter_project_id ) ) . ')' ?></span> </label> <br> <?php } ?> <?php if( $t_filter_project_id != $t_current_project_id ) { ?> <label> <input type="radio" class="ace input-sm" name="filter_project_id" value="<?php echo $t_current_project_id ?>"> - <span class="lbl padding-6"><?php echo lang_get( 'current_project' ) . ' (' . project_get_name( $t_current_project_id ) . ')' ?></span> + <span class="lbl padding-6"><?php echo lang_get( 'current_project' ) . ' (' . string_display_line( project_get_name( $t_current_project_id ) ) . ')' ?></span> </label> <?php } ?> </td> -- 2.19.0 | ||||
CVE Request 577429 sent to MITRE |
|
CVE-2018-17783 assigned |
|
Looks good. |
|
I'm OK with the patch for both 0024813 and 0024814, I confirm it addresses the vulnerability. @atrol, thanks for going through the whole process including CVE request. As a side note, a single CVE ID for both issues would probably have been sufficient in this case, as it's the same error on both pages. |
|