View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005959 | mantisbt | security | public | 2005-07-18 01:30 | 2006-10-09 11:55 |
Reporter | joxeanpiti | Assigned To | thraxisp | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.0.0a3 | ||||
Fixed in Version | 1.0.0rc1 | ||||
Summary | 0005959: Cross Site Scripting Vulnerabilty in the mantis/view_all_set.php Script | ||||
Description | The Script <mantis_dir>/view_all_set.php is vulnerable to Cross Site Scripting attacks. The paramater dir is not correctly clean when generating the response output. | ||||
Additional Information | To try the vulnerability login to http://bugs.mantisbt.org and navigate to this url: http://bugs.mantisbt.org/view_all_set.php?sort=category&dir=ASC"><script>alert(document.cookie)</script>&type=2 | ||||
Tags | No tags attached. | ||||
Attached Files | 0005959.patch (1,217 bytes)
--- filter_api.orig 2005-07-18 17:07:03.000000000 +0200 +++ filter_api.php 2005-07-18 17:06:15.000000000 +0200 @@ -753,7 +753,7 @@ ?> <br /> - <form method="post" name="filters" action="<?php PRINT $t_action; ?>"> + <form method="post" name="filters" action="<?php PRINT htmlentities($t_action); ?>"> <input type="hidden" name="type" value="5" /> <?php if ( $p_for_screen == false ) { @@ -761,10 +761,10 @@ PRINT '<input type="hidden" name="offset" value="0" />'; } ?> - <input type="hidden" name="sort" value="<?php PRINT $t_sort ?>" /> - <input type="hidden" name="dir" value="<?php PRINT $t_dir ?>" /> - <input type="hidden" name="page_number" value="<?php PRINT $p_page_number ?>" /> - <input type="hidden" name="view_type" value="<?php PRINT $t_view_type ?>" /> + <input type="hidden" name="sort" value="<?php PRINT htmlentities($t_sort) ?>" /> + <input type="hidden" name="dir" value="<?php PRINT htmlentities($t_dir) ?>" /> + <input type="hidden" name="page_number" value="<?php PRINT htmlentities($p_page_number) ?>" /> + <input type="hidden" name="view_type" value="<?php PRINT htmlentities($t_view_type) ?>" /> <table class="width100" cellspacing="1"> <?php | ||||