| Anonymous | Login | Signup for a new account | 12-17-2024 10:29 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004699 | [Resin] | minor | always | 08-03-11 14:11 | 08-04-11 11:22 | ||||
| Reporter | jyung | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | Platform | |||||
| Status | closed | OS | |||||||
| Projection | none | OS Version | |||||||
| ETA | none | Fixed in Version | 4.0.21 | Product Version | 4.0.20 | ||||
| Product Build | |||||||||
| Summary | 0004699: XSS vulnerability in redirect | ||||||||
| Description |
Our security audit revealed an XSS vulnerability in the HTML sent with a redirect. Request: GET /?"><script>alert(document.domain)</script> HTTP/1.1 Result: The URL has moved <a href="/webapp/?"><script>alert(document.domain)</script>">here</a> |
||||||||
| Steps To Reproduce | |||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0005425) ferg 08-04-11 11:22 |
server/1u3k |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 08-03-11 14:11 | jyung | New Issue | |
| 08-03-11 14:13 | jyung | Issue Monitored: jyung | |
| 08-04-11 11:22 | ferg | Note Added: 0005425 | |
| 08-04-11 11:22 | ferg | Assigned To | => ferg |
| 08-04-11 11:22 | ferg | Status | new => closed |
| 08-04-11 11:22 | ferg | Resolution | open => fixed |
| 08-04-11 11:22 | ferg | Fixed in Version | => 4.0.21 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed. 26 unique queries executed. |  |
