MantisBT: master-1.2.x 92a3e685

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2010-12-24 23:29
Parent: master-1.2.x 68e701ff
Affected Issues: 0012630: print_bugnote_inc.php XSS with reminders sent to users with malformed usernames
Changeset

Fix 0012630: print_bugnote_inc.php XSS with unescaped reminder usernames

A minor XSS issue exists with print_bugnote_inc.php whereby usernames
are not properly sanitised prior to being outputted.

Steps to reproduce:

  1. Create a user with a username of "Hack<script>alert(1)</script>"
    (note: MantisBT will not let people create these malformed usernames by
    default as only latin characters are accepted, therefore you must create
    the user with SQL or another raw approach).
  2. Send a reminder to this new user from inside a bug.
  3. Go to the print view of the bug.
  4. Notice an alert window pop up indicating an XSS issue.

NOTE: This is not a major security issue because MantisBT prevents
people from making malformed usernames by default. It's only an issue if
you're adding users to MantisBT using your own approach (a third party
user creation script) and writing directly to the database instead of
using MantisBT's API.

mod - print_bugnote_inc.php
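
The class of bug described in the commit message, as an added example that is not MantisBT's code or the change made in this commit: a stored username written into markup unchanged, the same output with HTML encoding applied at the point of output, and an audit that flags stored usernames a creation-time check would have rejected. The function names, the `USERNAME_PATTERN` allow-list, the surrounding markup and the sample rows are all assumptions constructed for illustration.

```php
<?php
// Added example, not MantisBT code. All names and data below are constructed.

// Hypothetical allow-list; substitute the pattern your own installation enforces.
const USERNAME_PATTERN = '/^[A-Za-z0-9._@ -]{1,64}$/';

// Constructed rows standing in for a user table that a third-party script
// wrote to directly, bypassing the application's own validation.
$users = [
    ['id' => 1, 'username' => 'administrator'],
    ['id' => 2, 'username' => 'Hack<script>alert(1)</script>'],
    ['id' => 3, 'username' => 'j.smith'],
];

// Before: the stored value is concatenated into markup unchanged.
function reminder_line_unescaped(array $recipients): string {
    return '<em>Reminder sent to: ' . implode(', ', $recipients) . '</em>';
}

// After: every username is HTML-encoded where it is written out, so the
// result does not depend on how the row got into the database.
function reminder_line_escaped(array $recipients): string {
    $encode = fn(string $name): string =>
        htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<em>Reminder sent to: '
        . implode(', ', array_map($encode, $recipients)) . '</em>';
}

// Audit: return the rows whose username the allow-list would have rejected.
function find_malformed_usernames(array $rows): array {
    return array_values(array_filter(
        $rows,
        fn(array $row): bool => preg_match(USERNAME_PATTERN, $row['username']) !== 1
    ));
}

$names = array_column($users, 'username');

// The unescaped line carries the script element through as markup;
// the escaped line carries it as inert text.
echo reminder_line_unescaped($names), PHP_EOL;
echo reminder_line_escaped($names), PHP_EOL;

foreach (find_malformed_usernames($users) as $row) {
    printf("user id %d has a username outside the allow-list\n", $row['id']);
}
```

Encoding on output covers rows that were inserted outside the application; the audit only tells you which rows to clean up.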