0012371: XSS in print_all_bug_page_word.php when printing project and category names - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0012371	mantisbt	security	public	2010-09-18 19:25	2014-09-23 18:05

Reporter	giallu	Assigned To	giallu
Priority	immediate	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.1.8
Fixed in Version	1.2.9

Summary	0012371: XSS in print_all_bug_page_word.php when printing project and category names
Description	print_all_bug_page_word.php does not correctly sanitise project and category names. It is thus possible for a malicious user with project manager access permissions (or higher) to redirect users to print_all_bug_page_word.php to execute malicious JavaScript.
Tags	No tags attached.

related to	0012238	closed	dhx	XSS in print_all_bug_page_word.php when printing project and category names
related to	0015721	closed	grangeway	Functionality to consider porting to master-2.0.x

MantisBT: master-1.1.x 3bc117fc 2010-09-18 19:29 giallu Details Diff	Fix 0012371: XSS in print_all_bug_page_word.php project/category names Backport of commit bfc9e9 for bug 12238		Affected Issues 0012371
	mod - print_all_bug_page_word.php		Diff File

grangeway 2013-04-05 17:57 reporter ~0036238	Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch