View Issue Details

IDProjectCategoryView StatusLast Update
0024648mantisbtsecuritypublic2018-09-04 02:33
ReporteratrolAssigned Toatrol 
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version 
Target Version1.3.16Fixed in Version1.3.16 
Summary0024648: CVE-2018-14895: XSS in bug_actiongroup.php
Description

Clone of 0024647 to track the issue for 1.3 series.

Issue summary is printed on bug_actiongroup.php without being sanitized.
This happens if the issue is displayed in the list of ID's where the action failed due to various reasons (e.g. missing access rights, unallowed status changes, ...)

TagsNo tags attached.

Relationships

duplicate of 0024647 closedatrol CVE-2018-14895: XSS in bug_actiongroup.php 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.3.x ab558c02

2018-08-02 17:44:15

atrol


Committer: dregad Details Diff
Fix XSS in bug_actiongroup.php

Issue summary was printed on bug_actiongroup.php without being
sanitized (CVE-2018-14895).

Fixes 0024648

Backported from e8197359de731c92702a0736bb7f082a5f8cbe19
Affected Issues
0024648
mod - bug_actiongroup.php Diff File

Issue History

Date Modified Username Field Change
2018-08-02 18:10 atrol New Issue
2018-08-02 18:10 atrol Issue generated from: 0024647
2018-08-02 18:10 atrol Relationship added duplicate of 0024647
2018-08-06 08:36 dregad Summary XSS in bug_actiongroup.php => CVE-2018-14895: XSS in bug_actiongroup.php
2018-08-06 08:57 dregad Changeset attached => MantisBT master-1.3.x ab558c02
2018-08-06 08:57 atrol Assigned To => atrol
2018-08-06 08:57 atrol Status new => resolved
2018-08-06 08:57 atrol Resolution open => fixed
2018-08-06 08:57 atrol Fixed in Version => 1.3.16
2018-09-04 01:23 vboctor Status resolved => closed
2018-09-04 02:33 atrol View Status private => public