View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011260 | mantisbt | security | public | 2009-12-05 09:09 | 2015-02-20 02:35 |
| Reporter | dhx | Assigned To | dhx | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.2.0 | ||||
| Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
| Summary | 0011260: Attribute/XSS injection in permalink_page.php | ||||
| Description | HTML attribute injection via: This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. | ||||
| Tags | No tags attached. | ||||
|
MantisBT: master-1.2.x 1740b99c 2009-12-05 09:09 Details Diff |
Fix 0011260: Attribute injection/XSS in permalink_page.php HTML attribute injection via: permalink_page.php?url=%22%20style=%22display:none%22 This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. |
Affected Issues 0011260 |
|
| mod - permalink_page.php | Diff File | ||
|
MantisBT: master 3363f907 2009-12-05 09:09 Details Diff |
Fix 0011260: Attribute injection/XSS in permalink_page.php HTML attribute injection via: permalink_page.php?url=%22%20style=%22display:none%22 This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. |
Affected Issues 0011260 |
|
| mod - permalink_page.php | Diff File | ||
