View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023166 | mantisbt | security | public | 2017-07-27 16:14 | 2017-09-03 18:41 |
Reporter | trichimtrich | Assigned To | atrol |
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed |
Product Version | 2.1.0 |
Target Version | 2.5.2 | Fixed in Version | 2.5.2 |
Summary | 0023166: CVE-2017-12062: XSS in manage_user_page.php |
Description |
There're also | ||||
Steps To Reproduce | It's a little bit harder because
| ||||
Tags | No tags attached. |
Attached Files |
There is an issue with the markdown for the above content in "Steps To Reproduce". I uploaded an image for the bypass payload to trigger XSS if the user has disabled CSP |
|
Introduced in 2.1.0 when fixing 0021551. |
|
@trichimtrich thanks for creating this report. Can you confirm that changing the mentioned line to
fixes the issue? |
|
Reminder sent to: dregad, vboctor
Should we target 2.5.2 or 2.6.0? |
|
I can confirm the change above fixes the issue. |
|
@atrol as a security fix, I would target for 2.5.2 and we will merge into 2.6.0 along with other 2.5.2 fixes. |
|
The bug has been introduced in 2.1.0 and all following versions are affected, that's why I set field
Created the version and set target version |
|
I am requesting a CVE ID to be assigned for this issue. @trichimtrich please let us know how you would like to be credited for the finding |
|
You can use the same Twitter name here, @trichimtrich. |
|
CVE-2017-12062 has been assigned [scr368900] |
|
OSS security mailing list posting http://www.openwall.com/lists/oss-security/2017/08/01/1 |
|
MantisBT: master-2.5 9b5b71da 2017-07-27 13:14 Committer: dregad |
Fix XSS in manage_user_page.php (CVE-2017-12062)

trichimtrich (https://twitter.com/trichimtrich) reported this vulnerability, allowing an attacker to inject arbitrary code through a crafted 'filter' form variable.

Prevent the attack by sanitizing the variable before output.

Fixes 0023166

Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0023166 |
|
mod - manage_user_page.php |
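The commit message above describes the fix as sanitizing the 'filter' form variable before output. The PHP below is an added example, not MantisBT code and not the actual patch: it shows a reflected filter value rendered without encoding next to a version that validates it against an allow-list and encodes it for the output context. All function names, the allow-list values and the choice of an HTML attribute as the output context are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed allow-list of prefix filters for a user-management page (hypothetical values).
function allowed_filters(): array {
    return array_merge(['ALL', 'UNUSED', 'NEW'], range('A', 'Z'), array_map('strval', range(0, 9)));
}

// "Before": the request value is copied into an HTML attribute unchanged.
function render_filter_field_unsafe(string $filter): string {
    return '<input type="hidden" name="filter" value="' . $filter . '" />';
}

// Validation: accept only known filter values, otherwise fall back to a default.
function normalize_filter(string $raw, string $default = 'ALL'): string {
    $candidate = strtoupper(trim($raw));
    return in_array($candidate, allowed_filters(), true) ? $candidate : $default;
}

// Output encoding for HTML text and quoted attribute values.
function html_attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "After": the value is encoded at the point of output, even if it was validated earlier.
function render_filter_field(string $filter): string {
    return '<input type="hidden" name="filter" value="' . html_attr($filter) . '" />';
}

// URL context: percent-encode the parameter first, then HTML-encode the whole href.
function render_filter_link(string $filter, string $label): string {
    $href = 'manage_user_page.php?' . http_build_query(['filter' => $filter]);
    return '<a href="' . html_attr($href) . '">' . html_attr($label) . '</a>';
}

// Constructed input: a value that tries to close the attribute and open a new tag.
$raw = 'A"><b>injected</b>';

echo render_filter_field_unsafe($raw), PHP_EOL;             // markup escapes the value attribute
echo render_filter_field($raw), PHP_EOL;                    // encoding keeps it inside the attribute
echo render_filter_field(normalize_filter($raw)), PHP_EOL;  // validation replaces it with the default
echo render_filter_link(normalize_filter('b'), 'B'), PHP_EOL;
```

Encoding at output is the control that closes the injection; the allow-list narrows what the page accepts in the first place, and CSP, which the reporter mentions, remains a separate layer behind both.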