View Issue Details

ID: 0024647
Project: mantisbt
Category: security
View Status: public
Last Update: 2018-09-04 02:34
Reporter: atrol
Assigned To: atrol
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Target Version: 2.16.1
Fixed in Version: 2.16.1
Summary: 0024647: CVE-2018-14895: XSS in bug_actiongroup.php
Description

Issue summary is printed on bug_actiongroup.php without being sanitized.
This happens if the issue is displayed in the list of IDs where the action failed for various reasons (e.g. missing access rights, disallowed status changes, ...).

Fix needs to be backported to 1.3.

Tags: No tags attached.

Attached Files: xss-bugactiongroup.patch (1,025 bytes)
From f2324f7f307b99bf32ec0fcb4670f27971613264 Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Thu, 2 Aug 2018 23:44:15 +0200
Subject: [PATCH] Fix XSS in bug_actiongroup.php

Fixes #24647
---
 bug_actiongroup.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bug_actiongroup.php b/bug_actiongroup.php
index 37cc98179..0b5788e9c 100644
--- a/bug_actiongroup.php
+++ b/bug_actiongroup.php
@@ -353,7 +353,8 @@ if( count( $t_failed_ids ) > 0 ) {
 	$separator = lang_get( 'word_separator' );
 	foreach( $t_failed_ids as $t_id => $t_reason ) {
 		$label = sprintf( lang_get( 'label' ), string_get_bug_view_link( $t_id ) ) . $separator;
-		printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, bug_get_field( $t_id, 'summary' ), $t_reason );
+		$t_summary = string_display_line( bug_get_field( $t_id, 'summary' ) );
+		printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, $t_summary, $t_reason );
 	}
 	echo '</div>';
 	echo '</table><br />';
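Review bot: the `$t_reason` value on the printf line of this hunk is still emitted unescaped, and the hunk does not show where the entries of `$t_failed_ids` come from; confirm that every `$t_reason` is a localized or constant string and not derived from user input, and if it is not, pass it through `string_display_line()` exactly as the new `$t_summary` line does. Keeping the escaped summary in a local variable is a clean way to do this; a short comment on that line saying the summary is user-controlled and must be escaped would help prevent a later edit from reverting to printing `bug_get_field( $t_id, 'summary' )` directly.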
-- 
2.18.0


Relationships

has duplicate 0024648 (closed, atrol): CVE-2018-14895: XSS in bug_actiongroup.php

Activities

dregad (developer), 2018-08-03 03:58, note ~0060352

Vulnerability was introduced in MantisBT master 60260a18 (Release 1.1.0a4)

dregad (developer), 2018-08-03 04:18, note ~0060353

CVE Request 548039 sent

dregad (developer), 2018-08-06 08:36, note ~0060361

CVE-2018-14895 assigned

Related Changesets

MantisBT: master-2.16 e8197359
2018-08-02 13:44, author: atrol, committer: dregad

Fix XSS in bug_actiongroup.php

Issue summary was printed on bug_actiongroup.php without being
sanitized (CVE-2018-14895).

Fixes 0024647
Affected Issues: 0024647
Modified files: bug_actiongroup.php