| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005750 | mantisbt | security | public | 2005-06-08 18:36 | 2005-07-23 02:28 |
| Reporter | spud | Assigned To | vboctor | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | duplicate | ||
| Summary | 0005750: Javascript XSS vulnerability | ||||
| Description | I had a user create an "issue" that contained only this: <script>alert("your bug tracking is vulnearble to xss");</script> For the most part, the hack is rendered ineffective, which is nice. However, upon attempting to delete this bogus entry, I clicked the "Delete Issue" button, which started to load bug_actiongroup_page.php. Just before the page finished loading, what happened? I got a javascript alert that said "your bug tracking is vulnearble to xss"! So indeed it is...at least if you try to delete it! I left it up, so you can see the bogus entry as-is: http://bugs.dadaimc.org/view.php?id=160 | ||||
| Additional Information | PS: Sorry for the dupe of the custom field bug earlier! I didn't look hard enough for it before submitting. The CVS patch works great! | ||||
| Tags | No tags attached. | ||||
