MantisBT: master-1.2.x df0a5af4

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2009-12-01 02:45
Parent: master-1.2.x b66d1b04
Affected Issues: 0011244: XSS on change log and roadmap pages due to unsanitised project names
Changeset

Fix 0011244: XSS on change log and roadmap pages (project names)

If a project name is changed to contain "<script>alert(42);</script>"
then viewing the road map or change log pages will result in a
JavaScript alert message appearing. This shows that an XSS flaw exists
due to a lack of sanitisation of the project name.

mod - changelog_page.php
mod - roadmap_page.php
mod - core/custom_function_api.php
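
The flaw described in the commit message, shown as an added example that is not MantisBT's code or the contents of this changeset: a stored project name written into a page header unescaped, next to the same output with HTML encoding applied at the point of rendering. The function names and the project array are assumptions; the project name is the string quoted in the commit message.

```php
<?php
// Added illustration. render_header_unsafe(), render_header_safe() and h()
// are hypothetical names, not MantisBT functions.

// Constructed sample: a project whose name was changed to the string
// quoted in the commit message.
$project = ['name' => '<script>alert(42);</script>', 'version' => '1.2.0'];

// Before: the stored name is concatenated into the markup as-is, so the
// browser parses it as an element instead of displaying it as text.
function render_header_unsafe(array $p): string {
    return '<h2>' . $p['name'] . ' - ' . $p['version'] . '</h2>';
}

// After: every stored value is HTML-encoded where it is written out.
// Encoding at output (not at save time) covers each page that prints
// the name, such as both the change log and the roadmap.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_header_safe(array $p): string {
    return '<h2>' . h($p['name']) . ' - ' . h($p['version']) . '</h2>';
}

// Regression check: the rendered header must not contain a live script tag.
function has_script_tag(string $html): bool {
    return stripos($html, '<script') !== false;
}

$unsafe = render_header_unsafe($project);
$safe   = render_header_safe($project);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";

if (!has_script_tag($unsafe)) {
    throw new RuntimeException('expected the unescaped header to carry the tag');
}
if (has_script_tag($safe)) {
    throw new RuntimeException('escaped header still contains a script tag');
}
echo "check passed: project name is rendered as text\n";
```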