| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006562 | mantisbt | security | public | 2006-01-05 21:20 | 2006-10-09 11:55 |
| Reporter | thraxisp | Assigned To | thraxisp | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Product Version | 0.19.3 | ||||
| Summary | 0006562: XSS Vulnerability in project documents (TKADV2005-11-002) | ||||
| Description | It is possible to embed an XSS script into the information passed to proj_doc_delete. It is primarily cosmetic. From Thomas Waldegger [thomas.waldegger at morph3us dot org] /proj_doc_delete.php: <?file_id=1&title=%22%3E%3Cscript%3Ealert(document.cookie)%3C/ | ||||
| Tags | No tags attached. | ||||
