CVE-2017-6958: XSS in search page #205

Closed
dregad opened this issue Mar 16, 2017 · 3 comments

dregad commented Mar 16, 2017

Dmitry Ivanov d1m0ck reported*1 a security vulnerability in the Source Integration plugin's search results page, allowing an attacker to inject arbitrary HTML or JavaScript code (the latter only if MantisBT's default CSP are disabled).

dregad modified the milestones: v1.5.2, v2.0.2 Mar 16, 2017

dregad commented Mar 16, 2017

After verification, the issue does not seem to be reproducible in the 1.x branch; the first affected version is 2.0.0-beta.1. Setting target to 2.0.2.


dregad commented Mar 16, 2017

CVE Request 307121 sent

dregad closed this as completed in b014da5 Mar 16, 2017
dregad changed the title from "XSS in search page" to "CVE-2017-6958: XSS in search page" Mar 17, 2017

dregad commented Mar 17, 2017

Announcement on OSS-security mailing list
http://www.openwall.com/lists/oss-security/2017/03/17/2
