CVE-2017-6958: XSS in search page #205

Closed
dregad opened this issue Mar 16, 2017 · 3 comments

@dregad
commented Mar 16, 2017

Dmitry Ivanov d1m0ck reported a security vulnerability in the Source Integration plugin's search results page, allowing an attacker to inject arbitrary HTML or JavaScript code (the latter, only if MantisBT's default CSP is disabled).

dregad added the security label Mar 16, 2017

dregad modified the milestones: v1.5.2, v2.0.2 Mar 16, 2017

@dregad

commented Mar 16, 2017

After verification, the issue does not seem to be reproducible in the 1.x branch; the first affected version is 2.0.0-beta.1. Setting target to 2.0.2.

@dregad

commented Mar 16, 2017

CVE Request 307121 sent

dregad closed this in b014da5 Mar 16, 2017

dregad changed the title from "XSS in search page" to "CVE-2017-6958: XSS in search page" Mar 17, 2017

@dregad

commented Mar 17, 2017

Announcement on OSS-security mailing list
http://www.openwall.com/lists/oss-security/2017/03/17/2
