View Issue Details

| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017297 | mantisbt | security | public | 2014-05-08 07:03 | 2014-12-05 18:33 |

| Field | Value |
|---|---|
| Reporter | muts |
| Assigned To | dregad |
| Priority | normal |
| Severity | major |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Product Version | 1.2.0a1 |
| Target Version | 1.2.18 |
| Fixed in Version | 1.2.18 |
| Summary | 0017297: CVE-2014-9272: XSS in string_insert_hrefs allows script execution |
| Description | Add a bugnote with this line for `&javascript://%E2%80%A8alert(document.domain)` The problem lies in |
| Tags | No tags attached. |
Notes

I'm thinking of restricting the list of "valid" URI schemes that get turned into anchor links using the following regex:

`(?:https?|s?ftp|file|irc[6s]?|ssh|telnet|nntp|git|svn(?:\+ssh)?|cvs):\/\/`

Anything you believe should be added to that list?
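The scheme allowlist proposed in the note above, worked into a minimal linkifier as an added example (Python rather than the project's PHP in core/string_api.php; the URL character class, function names and sample bugnote are assumptions, not MantisBT's own code): only allowlisted schemes become anchors, so the `javascript://` line from the report stays inert, escaped text.

```python
import html
import re

# Allowlist of URI schemes proposed in the note above; anything else stays
# plain HTML-escaped text instead of becoming a clickable anchor.
ALLOWED_SCHEME_RE = (
    r"\b(?:https?|s?ftp|file|irc[6s]?|ssh|telnet|nntp|git|svn(?:\+ssh)?|cvs):\/\/"
)

# Constructed URL matcher (an assumption, not MantisBT's pattern): an allowlisted
# scheme followed by a run of URL characters. Whitespace and U+2028 are not in
# the class, so they terminate the match rather than ride along into an href.
URL_RE = re.compile(
    ALLOWED_SCHEME_RE + r"[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+", re.IGNORECASE
)


def scheme_allowed(url: str) -> bool:
    """True if the URL begins with one of the allowlisted schemes."""
    return re.match(ALLOWED_SCHEME_RE, url, re.IGNORECASE) is not None


def insert_hrefs(text: str) -> str:
    """Turn allowlisted URLs in bugnote text into anchors; escape everything else.

    Text is escaped segment by segment, so only URL_RE matches ever reach an
    href attribute and the surrounding text cannot inject markup.
    """
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = html.escape(m.group(0))
        out.append('<a href="%s">%s</a>' % (url, url))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed bugnote: a legitimate link plus the line from the report
    # (%E2%80%A8 decoded to the U+2028 line separator it stands for).
    note = ("see https://example.com/view.php?id=1 and "
            "&javascript://\u2028alert(document.domain)")
    print(insert_hrefs(note))
```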
CVE request sent: http://thread.gmane.org/gmane.comp.security.oss.general/14956
Related Changesets

MantisBT: master-1.2.x 05378e00 (2014-11-27 14:15)

Fix 0017297: XSS in string_insert_hrefs

The URL matching regex in the function did not validate the protocol, allowing an attacker to use 'javascript://' to execute arbitrary code.

Issue was discovered by Mathias Karlsson (http://mathiaskarlsson.me) and reported by Offensive Security (http://www.offensive-security.com/).

Affected Issues: 0017297

mod - core/string_api.php

MantisBT: master 66c142dc (2014-11-27 14:15)

Fix 0017297: XSS in string_insert_hrefs (commit message identical to 05378e00 above)

Affected Issues: 0017297

mod - core/string_api.php