View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012630 | mantisbt | security | public | 2010-12-24 23:40 | 2011-04-05 14:23 |
Reporter | dhx | Assigned To | dhx |
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 1.2.4 |
Target Version | 1.2.5 | Fixed in Version | 1.2.5 |
Summary | 0012630: print_bugnote_inc.php XSS with reminders sent to users with malformed usernames |
Description | A minor XSS issue exists with print_bugnote_inc.php whereby usernames are not properly sanitised prior to being outputted. Steps to reproduce:
NOTE: This is not a major security issue because MantisBT prevents people from making malformed usernames by default. It's only an issue if you're adding users to MantisBT using your own approach (a third party user creation script) and writing directly to the database instead of using MantisBT's API. |
Tags | No tags attached. |
MantisBT: master eb38db49 2010-12-24 23:29

Fix 0012630: print_bugnote_inc.php XSS with unescaped reminder usernames

A minor XSS issue exists with print_bugnote_inc.php whereby usernames are not properly sanitised prior to being outputted.

Steps to reproduce:

1. Create a user with a username of "Hack<script>alert(1)</script>" (note: MantisBT will not let people create these malformed usernames by default as only Latin characters are accepted, therefore you must create the user with SQL or another raw approach).
2. Send a reminder to this new user from inside a bug.
3. Go to the print view of the bug.
4. Notice an alert window pop up indicating an XSS issue.

NOTE: This is not a major security issue because MantisBT prevents people from making malformed usernames by default. It's only an issue if you're adding users to MantisBT using your own approach (a third party user creation script) and writing directly to the database instead of using MantisBT's API.

Affected Issues: 0012630

mod - print_bugnote_inc.php

MantisBT: master-1.2.x 92a3e685 2010-12-24 23:29

Fix 0012630: print_bugnote_inc.php XSS with unescaped reminder usernames

A minor XSS issue exists with print_bugnote_inc.php whereby usernames are not properly sanitised prior to being outputted.

Steps to reproduce:

1. Create a user with a username of "Hack<script>alert(1)</script>" (note: MantisBT will not let people create these malformed usernames by default as only Latin characters are accepted, therefore you must create the user with SQL or another raw approach).
2. Send a reminder to this new user from inside a bug.
3. Go to the print view of the bug.
4. Notice an alert window pop up indicating an XSS issue.

NOTE: This is not a major security issue because MantisBT prevents people from making malformed usernames by default. It's only an issue if you're adding users to MantisBT using your own approach (a third party user creation script) and writing directly to the database instead of using MantisBT's API.

Affected Issues: 0012630

mod - print_bugnote_inc.php
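
The unescaped-output bug described in this report, sketched as an added PHP example (not MantisBT's code and not the actual patch). Function names, markup and the sample recipient list are hypothetical; the audit helper covers the case from the NOTE where a third-party script writes usernames directly to the database.

```php
<?php
// Added example, not MantisBT source: function names and markup are hypothetical.

// Before: the stored username is concatenated into the page unescaped.
function reminder_line_unescaped(array $usernames): string {
    return '<em>Reminder sent to: ' . implode(', ', $usernames) . '</em>';
}

// HTML-encode one value for element-content or quoted-attribute context.
function html_escape(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every username is encoded at the point of output.
function reminder_line_escaped(array $usernames): string {
    return '<em>Reminder sent to: '
        . implode(', ', array_map('html_escape', $usernames)) . '</em>';
}

// Audit helper for rows written by a provisioning script that bypassed the
// application's own validation: return usernames that change when encoded.
function usernames_needing_review(array $usernames): array {
    return array_values(array_filter(
        $usernames,
        static function (string $u): bool { return html_escape($u) !== $u; }
    ));
}

// Constructed sample: one ordinary name and the malformed name from the report.
$recipients = ['administrator', 'Hack<script>alert(1)</script>'];

$before  = reminder_line_unescaped($recipients);
$after   = reminder_line_escaped($recipients);
$flagged = usernames_needing_review($recipients);

// Self-checks: the raw tag survives only in the unescaped rendering.
if (strpos($before, '<script>') === false) { throw new RuntimeException('expected raw tag'); }
if (strpos($after, '<script>') !== false)  { throw new RuntimeException('tag not encoded'); }
if ($flagged !== ['Hack<script>alert(1)</script>']) { throw new RuntimeException('audit mismatch'); }

echo $after, PHP_EOL;
```

Encoding at the output site protects the page regardless of how the row was created; the audit only tells you which existing rows deserve a look.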