View Issue Details

IDProjectCategoryView StatusLast Update
0024813mantisbtsecuritypublic2018-10-27 16:21
ReporteratrolAssigned Toatrol 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version2.1.0 
Target Version2.17.2Fixed in Version2.17.2 
Summary0024813: CVE-2018-17782: XSS in manage_filter_page.php
Description

Project Name is printed on manage_filter_page.php without being sanitized.

TagsNo tags attached.

Activities

atrol

atrol

2018-09-29 05:24

developer  

24813-XSS-manage_filter_page.patch (1,359 bytes)
From a8f460b4d5d171ea1b0cc5a32ecfeb0ecbf9fcf9 Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Sat, 29 Sep 2018 11:19:07 +0200
Subject: [PATCH] Fix XSS in manage_filter_page.php

Fixes #24813
---
 manage_filter_page.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manage_filter_page.php b/manage_filter_page.php
index f215741f8..4732a579a 100644
--- a/manage_filter_page.php
+++ b/manage_filter_page.php
@@ -103,7 +103,7 @@ function table_print_filter_row( $p_filter_id ) {
 		echo '</td>';
 	}
 	# Project
-	echo '<td>' . project_get_name( filter_get_field( $p_filter_id, 'project_id' )) . '</td>';
+	echo '<td>' . string_display_line( project_get_name( filter_get_field( $p_filter_id, 'project_id' ) ) ) . '</td>';
 	# Public
 	echo '<td class="center">' . trans_bool( filter_get_field( $p_filter_id, 'is_public' ) ) . '</td>';
 	# Owner
@@ -152,7 +152,7 @@ function table_print_filters( array $p_filter_array ) {
 		<div class="widget-header widget-header-small">
 			<h4 class="widget-title lighter">
 				<i class="ace-icon fa fa-filter"></i>
-				<?php echo lang_get('available_filter_for_project') . ': ' . project_get_name( $t_project_id ) ?>
+				<?php echo lang_get('available_filter_for_project') . ': ' . string_display_line( project_get_name( $t_project_id ) ) ?>
 			</h4>
 		</div>
 
-- 
2.19.0

atrol

atrol

2018-09-29 12:11

developer   ~0060701

CVE Request 577429 sent to MITRE

atrol

atrol

2018-09-29 15:33

developer   ~0060703

CVE-2018-17782 assigned

vboctor

vboctor

2018-09-29 18:23

manager   ~0060705

Looks good to me.

dregad

dregad

2018-09-30 07:03

developer   ~0060710

I'm OK with the patch for both 0024813 and 0024814, I confirm it addresses the vulnerability.

@atrol, thanks for going through the whole process including CVE request. As a side note, a single CVE ID for both issues would probably have been sufficient in this case, as it's the same error on both pages.

Related Changesets

MantisBT: master-2.17 72ab020a

2018-09-29 05:19:07

atrol

Details Diff
Fix XSS in manage_filter_page.php

Fixes 0024813
Affected Issues
0024813
mod - manage_filter_page.php Diff File

Issue History

Date Modified Username Field Change
2018-09-29 04:54 atrol New Issue
2018-09-29 04:54 atrol Status new => assigned
2018-09-29 04:54 atrol Assigned To => atrol
2018-09-29 05:18 atrol Description Updated View Revisions
2018-09-29 05:24 atrol File Added: 24813-XSS-manage_filter_page.patch
2018-09-29 05:41 atrol Product Version => 2.1.0
2018-09-29 12:11 atrol Note Added: 0060701
2018-09-29 15:33 atrol Summary XSS in manage_filter_page.php => CVE-2018-17782: XSS in manage_filter_page.php
2018-09-29 15:33 atrol Note Added: 0060703
2018-09-29 18:23 vboctor Note Added: 0060705
2018-09-30 07:03 dregad Note Added: 0060710
2018-09-30 07:05 dregad Target Version => 2.17.2
2018-10-01 05:09 atrol Changeset attached => MantisBT master-2.17 72ab020a
2018-10-01 05:09 atrol Status assigned => resolved
2018-10-01 05:09 atrol Resolution open => fixed
2018-10-01 05:09 atrol Fixed in Version => 2.17.2
2018-10-16 23:41 vboctor Status resolved => closed
2018-10-27 16:21 atrol View Status private => public