Changesets: MantisBT
master-1.2.x 9c0f46d6 2009-12-01 01:39
Fix 0011234: Validate user name and email on account_page.php
manage_user_edit_page.php correctly validates the real name and email address of user accounts that are updated by managers/admins. However, the user account update page (account_page.php) doesn't perform these validation checks, allowing users to set their real name and email address to invalid and potentially unsafe strings.
Affected Issues 0011234
mod - account_update.php

master 0789144e 2009-12-01 01:39
Fix 0011234: Validate user name and email on account_page.php
manage_user_edit_page.php correctly validates the real name and email address of user accounts that are updated by managers/admins. However, the user account update page (account_page.php) doesn't perform these validation checks, allowing users to set their real name and email address to invalid and potentially unsafe strings.
Affected Issues 0011234
mod - account_update.php

master-1.2.x 868c1d6c 2009-12-01 01:34
Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause an XSS bug on manage_proj_edit_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011242
mod - manage_proj_edit_page.php

master a77662d5 2009-12-01 01:34
Fix 0011242: XSS on manage_proj_edit_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause an XSS bug on manage_proj_edit_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011242
mod - manage_proj_edit_page.php

master-1.2.x ee7ee6d4 2009-12-01 01:27
Fix 0011241: XSS on manage_proj_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause an XSS bug on manage_proj_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011241
mod - manage_proj_page.php

master 0aeb2ea2 2009-12-01 01:27
Fix 0011241: XSS on manage_proj_page.php with user Real Name field
Categories that are assigned to users whose names contain "<script>alert(42);</script>" will cause an XSS bug on manage_proj_page.php. The user real name needs to be sanitised before being printed.
Affected Issues 0011241
mod - manage_proj_page.php

master-1.2.x 19409969 2009-12-01 01:16
Fix 0011240: XSS on bug_revision_view_page.php with user Real Name field
User real names aren't sanitised before display on bug_revision_view_page.php thus this leads to an XSS vulnerability.
Affected Issues 0011240
mod - bug_revision_view_page.php

master 71ade607 2009-12-01 01:16
Fix 0011240: XSS on bug_revision_view_page.php with user Real Name field
User real names aren't sanitised before display on bug_revision_view_page.php thus this leads to an XSS vulnerability.
Affected Issues 0011240
mod - bug_revision_view_page.php

master-1.2.x 67ed4313 2009-12-01 01:08
Fix 0011239: XSS on view_user_page.php with user Real Name field
User real names aren't sanitised before display on view_user_page.php thus this leads to an XSS vulnerability.
Affected Issues 0011239
mod - view_user_page.php

master 15b0752a 2009-12-01 01:08
Fix 0011239: XSS on view_user_page.php with user Real Name field
User real names aren't sanitised before display on view_user_page.php thus this leads to an XSS vulnerability.
Affected Issues 0011239
mod - view_user_page.php

master 93f36d26 2009-12-01 00:55
Fix 0011238: XSS on tag_update_page.php with user Real Name field
User real name field is not sanitised on tag_update_page.php thus leading to an XSS vulnerability.
Affected Issues 0011238
mod - tag_update_page.php

master-1.2.x b1f59933 2009-12-01 00:55
Fix 0011238: XSS on tag_update_page.php with user Real Name field
User real name field is not sanitised on tag_update_page.php thus leading to an XSS vulnerability.
Affected Issues 0011238
mod - tag_update_page.php

master 01270e48 2009-12-01 00:50
Fix 0011237: XSS on tag_view_page.php with user Real Name field
The user real name field is not sanitised before being printed on tag_view_page.php thus exposing an XSS vulnerability.
Affected Issues 0011237
mod - tag_view_page.php

master-1.2.x 8491dbdf 2009-12-01 00:50
Fix 0011237: XSS on tag_view_page.php with user Real Name field
The user real name field is not sanitised before being printed on tag_view_page.php thus exposing an XSS vulnerability.
Affected Issues 0011237
mod - tag_view_page.php

master bb920bf5 2009-12-01 00:41
Fix 0011236: XSS on view_all_bug_page.php with user Real Name field
If a user is selected in one of the user filters (reporter, monitored by, etc.) and that user has a name containing HTML elements, the HTML elements would not be escaped prior to displaying them as the currently selected filter options.
Affected Issues 0011236
mod - core/filter_api.php

master-1.2.x 4cb58c70 2009-12-01 00:41
Fix 0011236: XSS on view_all_bug_page.php with user Real Name field
If a user is selected in one of the user filters (reporter, monitored by, etc.) and that user has a name containing HTML elements, the HTML elements would not be escaped prior to displaying them as the currently selected filter options.
Affected Issues 0011236
mod - core/filter_api.php

master a49cc3ce 2009-12-01 00:31
Fix 0011233: XSS on adm_config_report.php with user Real Name field
User real names were not sanitised on adm_config_report.php thus leading to XSS attacks against those with permission to access the configuration of a Mantis installation (typically Administrators only).
Affected Issues 0011233
mod - adm_config_report.php

master-1.2.x 92561bce 2009-12-01 00:31
Fix 0011233: XSS on adm_config_report.php with user Real Name field
User real names were not sanitised on adm_config_report.php thus leading to XSS attacks against those with permission to access the configuration of a Mantis installation (typically Administrators only).
Affected Issues 0011233
mod - adm_config_report.php

master 810ae079 2009-12-01 00:25
Fix 0011232: XSS on summary_page.php with user Real Name field
User real names should be sanitised before being printed to summary_page.php as it may be possible for the names to contain HTML elements that allow for XSS attacks.
Affected Issues 0011232
mod - core/summary_api.php

master-1.2.x c23edbfb 2009-12-01 00:25
Fix 0011232: XSS on summary_page.php with user Real Name field
User real names should be sanitised before being printed to summary_page.php as it may be possible for the names to contain HTML elements that allow for XSS attacks.
Affected Issues 0011232
mod - core/summary_api.php

master b1bc26eb 2009-12-01 00:14
Fix 0011235: XSS on manage_tags_page.php with user Real Name field
The "Real Name" field for users is not sanitised before being printed to manage_tags_page.php thus leading to an XSS vulnerability.
Affected Issues 0011235
mod - manage_tags_page.php

master-1.2.x 42e3640a 2009-12-01 00:14
Fix 0011235: XSS on manage_tags_page.php with user Real Name field
The "Real Name" field for users is not sanitised before being printed to manage_tags_page.php thus leading to an XSS vulnerability.
Affected Issues 0011235
mod - manage_tags_page.php

master-1.1.x c6f356da 2009-11-30 20:29
Fix 0011229: Fix tagging XSS scripting vulnerabilities
Tag names and descriptions were not properly sanitised before being written to HTML output. This meant that it was possible for users to create tags containing Javascript that is executed on every load of view_all_bug_page (and elsewhere) for all users. Thanks to Michel Arboi from Tenable Network Security (Nessus) for reporting this issue.
This is a backport of 70b5022f556c9b9b6b0cd661e3357767a3b178c5
Affected Issues 0011229
mod - tag_update_page.php
mod - tag_view_page.php
mod - core/print_api.php
mod - core/filter_api.php

master-1.2.x d36359cf 2009-11-30 19:56
Fix 0011229: Fix tagging XSS scripting vulnerabilities
Tag names and descriptions were not properly sanitised before being written to HTML output. This meant that it was possible for users to create tags containing Javascript that is executed on every load of view_all_bug_page (and elsewhere) for all users. Thanks to Michel Arboi from Tenable Network Security (Nessus) for reporting this issue.
Affected Issues 0011229
mod - tag_update_page.php
mod - core/filter_api.php
mod - tag_view_page.php
mod - core/print_api.php

master 70b5022f 2009-11-30 19:56
Fix 0011229: Fix tagging XSS scripting vulnerabilities
Tag names and descriptions were not properly sanitised before being written to HTML output. This meant that it was possible for users to create tags containing Javascript that is executed on every load of view_all_bug_page (and elsewhere) for all users. Thanks to Michel Arboi from Tenable Network Security (Nessus) for reporting this issue.
Affected Issues 0011229
mod - core/print_api.php
mod - core/filter_api.php
mod - tag_update_page.php
mod - tag_view_page.php