View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0016513 | mantisbt | security | public | 2013-10-19 14:35 | 2014-12-22 08:23 |
Reporter | atrol | Assigned To | atrol |
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 1.2.15 |
Target Version | 1.2.16 | Fixed in Version | 1.2.16 |
Summary | 0016513: CVE-2013-4460: XSS in account_sponsor_page.php project names |
Description | account_sponsor_page.php does not correctly sanitise project names. |
Tags | No tags attached. |
Security issues should be backported to 1.2

CVE assigned http://thread.gmane.org/gmane.comp.security.oss.general/11351/focus=11367

MantisBT: master 0002d106 2013-10-19 10:36
Fix 0016513: XSS in account_sponsor_page.php project names

account_sponsor_page.php does not correctly sanitise project names. It is thus possible for a malicious user with project manager access permissions (or higher) to let users execute malicious JavaScript when visiting account_sponsor_page.php.

Affected Issues 0016513

mod - account_sponsor_page.php

MantisBT: master-1.2.x ad929d48 2013-10-19 10:36 Committer: dregad
Fix 0016513: XSS in account_sponsor_page.php project names

account_sponsor_page.php does not correctly sanitise project names. It is thus possible for a malicious user with project manager access permissions (or higher) to let users execute malicious JavaScript when visiting account_sponsor_page.php.

Affected Issues 0016513

mod - account_sponsor_page.php