Mantis Bugtracker
  

Viewing Issue Simple Details
ID: 0004699
Category: [Resin]
Severity: minor
Reproducibility: always
Date Submitted: 08-03-11 14:11
Last Update: 08-04-11 11:22
Reporter: jyung
View Status: public
Assigned To: ferg
Priority: normal
Resolution: fixed
Status: closed
Product Version: 4.0.20
Summary: 0004699: XSS vulnerability in redirect

Description
Our security audit revealed an XSS vulnerability in the HTML sent with a redirect.

Request:
GET /?"><script>alert(document.domain)</script> HTTP/1.1

Result:
The URL has moved <a href="/webapp/?"><script>alert(document.domain)</script>">here</a>


- Notes
(0005425)
ferg
08-04-11 11:22

server/1u3k
 

- Issue History
Date Modified Username Field Change
08-03-11 14:11 jyung New Issue
08-03-11 14:13 jyung Issue Monitored: jyung
08-04-11 11:22 ferg Note Added: 0005425
08-04-11 11:22 ferg Assigned To  => ferg
08-04-11 11:22 ferg Status new => closed
08-04-11 11:22 ferg Resolution open => fixed
08-04-11 11:22 ferg Fixed in Version  => 4.0.21

