SiT! Bugs

ID: 0001655
Project: SiT!
Category: security
View Status: public
Date Submitted: 2011-08-06 11:42
Last Update: 2011-08-31 15:00
Reporter: ivan
Assigned To: ivan
Priority: normal
Severity: major
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform / OS / OS Version: not specified
Product Version: Current GIT
Target Version: 3.90beta1
Fixed in Version: Current GIT
Summary: 0001655: XSS: Possible to inject javascript into ldap_browser
Description: ldap_browse.php uses an external variable to create javascript code without stripping any potentially dangerous input.
Tags: No tags attached.
Attached Files: none

- Relationships

- Notes
(0004250)
ivan (administrator)
2011-08-21 11:56

<script type='text/javascript'>
//<![CDATA[
    ldap_browse_select_container('<?php echo $base ?>', '<?php echo $field ?>');
//]]>
</script>


While $base and $field have both been through cleanvar(), that function does not strip malicious javascript code.
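The pattern in the note above (a PHP value echoed straight into a single-quoted JavaScript string literal) is shown here beside a hardened version that encodes for the JavaScript context instead of relying on a generic input sanitiser. This is an added example, not SiT!'s own code or the fix in Git; the function names render_unsafe, render_safe and js_literal are hypothetical, and cleanvar() is assumed to be a general-purpose input sanitiser whose implementation is not on this page.

```php
<?php
// Added example, not code from SiT!. Demonstrates why input sanitising alone
// does not protect a value that is interpolated into a JavaScript string
// literal, and how to encode for that context instead.

// Vulnerable pattern, equivalent to the ldap_browse.php snippet in the note:
// the raw value sits inside single quotes, so a quote in the input ends the
// literal and whatever follows is parsed as JavaScript.
function render_unsafe(string $base, string $field): string
{
    return "ldap_browse_select_container('{$base}', '{$field}');";
}

// Hardened pattern: json_encode() emits a valid JavaScript string literal with
// backslash escaping, and the JSON_HEX_* flags additionally turn < > & ' " into
// \uXXXX sequences, so the output can neither leave the string literal nor close
// the surrounding <script> element.
function js_literal(string $value): string
{
    $encoded = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
    if ($encoded === false) {
        // json_encode() fails on invalid UTF-8; refuse rather than emit anything.
        throw new RuntimeException('value is not valid UTF-8: ' . json_last_error_msg());
    }
    return $encoded;
}

function render_safe(string $base, string $field): string
{
    return 'ldap_browse_select_container('
        . js_literal($base) . ', ' . js_literal($field) . ');';
}

// Constructed sample input (not from the report) containing the characters
// that matter inside a JavaScript/HTML context: a quote, tags, an ampersand.
$base  = "dc=example,dc=com' <b>&</b> \"x\"";
$field = 'ldap_parent';

// The unsafe rendering still contains the raw quote and tags.
echo render_unsafe($base, $field), PHP_EOL;

// The safe rendering contains only \uXXXX escapes for those characters.
echo render_safe($base, $field), PHP_EOL;
```

The point to take from the two outputs is that the decision is about output context, not input cleaning: a value that is perfectly valid as an LDAP base DN can still contain a quote, so the encoder applied at the point where the value enters the script block is what prevents the injection.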
(0004259)
paulh (administrator)
2011-08-24 20:00

Agree
(0004274)
ivan (administrator)
2011-08-31 15:00

Fixed in Git 236e762

- Issue History
Date Modified Username Field Change
2011-08-06 11:42 ivan New Issue
2011-08-06 11:42 ivan Status new => assigned
2011-08-06 11:42 ivan Assigned To => ivan
2011-08-06 11:42 ivan Assigned To ivan =>
2011-08-06 11:42 ivan Status assigned => new
2011-08-21 11:56 ivan Note Added: 0004250
2011-08-24 20:00 paulh Note Added: 0004259
2011-08-24 20:00 paulh Status new => confirmed
2011-08-31 14:59 ivan Assigned To => ivan
2011-08-31 14:59 ivan Status confirmed => assigned
2011-08-31 15:00 ivan Note Added: 0004274
2011-08-31 15:00 ivan Status assigned => resolved
2011-08-31 15:00 ivan Fixed in Version => Current GIT
2011-08-31 15:00 ivan Resolution open => fixed

