| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0019493 | mantisbt | security | public | 2015-03-12 22:25 | 2015-03-27 04:41 |
| Reporter | TWSpiders | Assigned To | dregad | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.1.0a4 | ||||
| Fixed in Version | 1.2.19 | ||||
| Summary | 0019493: CVE-2014-9701: XSS vulnerability in permalink_page.php | ||||
| Description | This issue was previously reported in 0019384. However, it was advised to create a new issue for requesting a CVE number. Mantis 1.2.18 and prior are vulnerable to a XSS vulnerability in the 'permalink_page.php' page | ||||
| Steps To Reproduce | Finding 1: Cross-Site Scripting Vulnerability in 'permalink_page.php' page #Request: | ||||
| Tags | No tags attached. | ||||
 |
For the record, this specific XSS issue on permalink_page.php was previously reported by grangeway in 0017362:0040613 (the follow-up took place off-line via e-mail/IRC), so if any credit is to be given for this discovery, it would go to him. |
|
|
See also http://thread.gmane.org/gmane.comp.security.oss.general/14977/focus=15022 |
|
|
CVE request http://thread.gmane.org/gmane.comp.security.oss.general/16119 |
 |
This is requested for tracking purposes only. Thank you. |
