0027853: Printing unsanitized user input in account_prof_edit_page.php

ID	Project	Category	View Status	Date Submitted	Last Update
0027853	mantisbt	security	public	2021-01-08 03:37	2021-03-07 18:28

Reporter	iohex	Assigned To	atrol
Priority	normal	Severity	minor	Reproducibility	N/A
Status	closed	Resolution	fixed
Product Version	2.25.0
Target Version	2.25.0	Fixed in Version	2.25.0

Summary	0027853: Printing unsanitized user input in account_prof_edit_page.php
Description	Hi, I found a relfected XSS in the account_prof_edit_page.php-line: 100, the variable $f_redirect_page will be output without the function string_attrribute() protected. version: 2.24.3 path: account_prof_edit_page.php sink: line-100 <input type="hidden" name="redirect" value="<?php echo $f_redirect_page ?>" /> source: line-63 $f_redirect_page = gpc_get_string( 'redirect', 'account_prof_menu_page.php' ); fix: string_attribute($f_redirect_page)
Tags	No tags attached.

atrol 2021-01-08 04:40 developer ~0064960	Thanks @iohex for the hint. There is no published version affected, regression was introduced when fixing 0027260

atrol 2021-01-08 04:50 developer ~0064961	PR https://github.com/mantisbt/mantisbt/pull/1729

MantisBT: master e512b3d6 2021-01-07 23:46 atrol Details Diff	Fix XSS in account_prof_edit_page.php Fixes 0027853		Affected Issues 0027853
	mod - account_prof_edit_page.php		Diff File