View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008756 | mantisbt | security | public | 2008-01-16 16:15 | 2008-01-27 17:45 |
Reporter | Borszczuk | Assigned To | giallu |
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 1.1.0 |
Target Version | | Fixed in Version | 1.1.1 |
Summary | 0008756: "Most active bugs" summary XSS vulnerability |
Description | I disabled all HTML tags using g_html_valid_tags but still, on the "Most |
Tags | No tags attached. |

See bug 0008723 for additional details

Actually, it does not need to take into account g_html_valid_tags, but just avoid showing them as is: this is an XSS vector so I'm moving the bug to the correct category

Also fixed in trunk

Security advisories:

MantisBT: master-1.1.x fabe3938 2008-01-16 23:43:56
Fix 8756: "Most active bugs" summary XSS vulnerability git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@4896 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues 0008756
mod - core/summary_api.php

MantisBT: master 294d34c3 2008-01-16 23:50:45
Fix 8756: "Most active bugs" summary XSS vulnerability git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@4897 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues 0008756
mod - core/summary_api.php

Date Modified | Username | Field | Change |
---|---|---|---|
2008-01-16 16:15 | Borszczuk | New Issue | |
2008-01-16 16:15 | Borszczuk | Note Added: 0016680 | |
2008-01-16 16:16 | Borszczuk | Note Edited: 0016680 | |
2008-01-16 18:42 | giallu | Note Added: 0016684 | |
2008-01-16 18:42 | giallu | Category | other => security |
2008-01-16 18:42 | giallu | Summary | "Summary/Most Acitve" does not pay much attention to config's g_html_valid_tags setting => "Most active bugs" summary XSS vulnerability |
2008-01-16 18:51 | giallu | Status | new => resolved |
2008-01-16 18:51 | giallu | Fixed in Version | => 1.1.1 |
2008-01-16 18:51 | giallu | Resolution | open => fixed |
2008-01-16 18:51 | giallu | Assigned To | => giallu |
2008-01-16 18:51 | giallu | Note Added: 0016685 | |
2008-01-19 04:24 | vboctor | Status | resolved => closed |
2008-01-27 17:45 | giallu | Note Added: 0016854 | |
2008-10-20 20:20 | | Changeset attached | master-1.1.x a2e175f8 => |
2008-10-21 11:46 | | Changeset attached | master f8d9c650 => |
2008-11-11 08:34 | giallu | Changeset attached | master 294d34c3 => |
2008-11-11 08:47 | giallu | Changeset attached | master 294d34c3 => |
2008-11-11 09:03 | giallu | Changeset attached | master-1.1.x fabe3938 => |