View Issue Details

ID: 0024648
Project: mantisbt
Category: security
View Status: public
Last Update: 2018-09-04 02:33
Reporter: atrol
Assigned To: atrol
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Target Version: 1.3.16
Fixed in Version: 1.3.16
Summary: 0024648: CVE-2018-14895: XSS in bug_actiongroup.php
Description

Clone of 0024647 to track the issue for 1.3 series.

Issue summary is printed on bug_actiongroup.php without being sanitized.
This happens if the issue is displayed in the list of IDs where the action failed due to various reasons (e.g. missing access rights, unallowed status changes, ...).

Tags: No tags attached.

Relationships

duplicate of 0024647 (closed, atrol): CVE-2018-14895: XSS in bug_actiongroup.php

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.3.x ab558c02

2018-08-02 17:44:15

atrol


Committer: dregad
Fix XSS in bug_actiongroup.php

Issue summary was printed on bug_actiongroup.php without being
sanitized (CVE-2018-14895).

Fixes 0024648

Backported from e8197359de731c92702a0736bb7f082a5f8cbe19

Affected Issues: 0024648
mod - bug_actiongroup.php