View Issue Details

IDProjectCategoryView StatusLast Update
0008202mantisbtsecuritypublic2019-05-09 10:16
Reportergrangeway Assigned Tograngeway  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionwon't fix 
Summary0008202: Potential Cross-Site Scripting Flaws
Description

A number of potential cross-site scripting flaws have been identified and fixed in 1.1.0a4 and 1.0.9

TagsNo tags attached.

Relationships

related to 0025749 closeddregad error_string() does not allow HTML tags inside of error messages 

Activities

vboctor

vboctor

2007-07-28 03:00

manager   ~0015251

Set the target version as 1.0.9. We should have a porting issue.

vboctor

vboctor

2007-08-22 01:50

manager   ~0015480

grangeway, would be nice to get these into 1.0.9. I think we should be releasing this soon.

vboctor

vboctor

2008-03-14 00:42

manager   ~0017335

Given that 1.1.x is now the stable branch. There is no need to port these fixes.

Related Changesets

MantisBT: master 5a28be43

2007-07-26 21:59:43

Paul Richards

Details Diff
0008202: Potential Cross-Site Scripting Flaws

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@4493 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0008202
mod - billing_inc.php Diff File

MantisBT: master cf4d47c5

2007-07-26 22:14:58

Paul Richards

Details Diff
0008202: Potential Cross-Site Scripting Flaws

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@4494 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0008202
mod - manage_config_revert.php Diff File
mod - core/error_api.php Diff File
mod - core/database_api.php Diff File