View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012371 | mantisbt | security | public | 2010-09-18 19:25 | 2014-09-23 18:05 |
Reporter | giallu | Assigned To | giallu | ||
Priority | immediate | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.1.8 | ||||
Fixed in Version | 1.2.9 | ||||
Summary | 0012371: XSS in print_all_bug_page_word.php when printing project and category names | ||||
Description | print_all_bug_page_word.php does not correctly sanitise project and category names. It is thus possible for a malicious user with project manager access permissions (or higher) to redirect users to print_all_bug_page_word.php to execute malicious JavaScript. | ||||
Tags | No tags attached. | ||||