View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0024647 | mantisbt | security | public | 2018-08-02 17:45 | 2018-09-04 02:34 |
Reporter | atrol | Assigned To | atrol | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Target Version | 2.16.1 | Fixed in Version | 2.16.1 | ||
Summary | 0024647: CVE-2018-14895: XSS in bug_actiongroup.php | ||||
Description | Issue summary is printed on bug_actiongroup.php without being sanitized. Fix needs to be backported to 1.3. | ||||
Tags | No tags attached. | ||||
Attached Files | xss-bugactiongroup.patch (1,025 bytes)
From f2324f7f307b99bf32ec0fcb4670f27971613264 Mon Sep 17 00:00:00 2001 From: Roland Becker <roland@atrol.de> Date: Thu, 2 Aug 2018 23:44:15 +0200 Subject: [PATCH] Fix XSS in bug_actiongroup.php Fixes #24647 --- bug_actiongroup.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bug_actiongroup.php b/bug_actiongroup.php index 37cc98179..0b5788e9c 100644 --- a/bug_actiongroup.php +++ b/bug_actiongroup.php @@ -353,7 +353,8 @@ if( count( $t_failed_ids ) > 0 ) { $separator = lang_get( 'word_separator' ); foreach( $t_failed_ids as $t_id => $t_reason ) { $label = sprintf( lang_get( 'label' ), string_get_bug_view_link( $t_id ) ) . $separator; - printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, bug_get_field( $t_id, 'summary' ), $t_reason ); + $t_summary = string_display_line( bug_get_field( $t_id, 'summary' ) ); + printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, $t_summary, $t_reason ); } echo '</div>'; echo '</table><br />'; -- 2.18.0 | ||||