View Issue Details

| Field | Value |
|---|---|
| ID | 0027779 |
| Project | mantisbt |
| Category | security |
| View Status | public |
| Date Submitted | 2020-12-19 17:11 |
| Last Update | 2020-12-30 12:05 |
| Reporter | atrol |
| Assigned To | dregad |
| Priority | high |
| Severity | major |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Target Version | 2.24.4 |
| Fixed in Version | 2.24.4 |
| Summary | 0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls |
Description

There are several calls to helper_ensure_confirmed() that output unsanitized user data, which could potentially lead to XSS attacks. Occurrences were identified in the following scripts, with the origin of potential attack as indicated:

Additional Information

Originally reported by @atrol in 0027768:0064811

Tags

No tags attached.
MantisBT: master-2.24 f6502be6 2020-12-19 07:27

Prevent XSS in helper_ensure_confirmed() calls

When the confirmation message references user-provided data, it needs to be escaped prior to calling the function.

Fixes 0027779, CVE-2020-35571

Affected Issues: 0027779

mod - manage_config_revert.php
mod - manage_custom_field_update.php
mod - manage_filter_delete.php
mod - manage_proj_user_remove.php
mod - manage_user_delete.php
mod - manage_user_proj_delete.php
MantisBT: master f6502be6 2020-12-19 07:27

Prevent XSS in helper_ensure_confirmed() calls

When the confirmation message references user-provided data, it needs to be escaped prior to calling the function.

Fixes 0027779, CVE-2020-35571

Affected Issues: 0027779

mod - manage_config_revert.php
mod - manage_custom_field_update.php
mod - manage_filter_delete.php
mod - manage_proj_user_remove.php
mod - manage_user_delete.php
mod - manage_user_proj_delete.php
MantisBT: master-2.24 6c3482d0 2020-12-19 07:50

Use parameterized string for confirmation messages

Previously, the confirmation message was built manually in several places throughout the code, concatenating strings with variables. We now use a string with parameters, which is fed to sprintf prior to display. This gives translators more control over the final message, and allows removing the now-unused $s_in_project string.

Updated strings:
- $s_confirm_custom_field_deletion
- $s_confirm_used_custom_field_deletion
- $s_confirm_custom_field_unlinking
- $s_config_delete_sure
- $s_confirm_file_delete_msg
- $s_delete_account_sure_msg
- $s_query_delete_msg
- $s_remove_user_sure_msg
- $s_version_delete_sure

Issue 0027779

Affected Issues: 0027779

mod - lang/strings_english.txt
mod - manage_config_revert.php
mod - manage_custom_field_delete.php
mod - manage_filter_delete.php
mod - manage_proj_custom_field_remove.php
mod - manage_proj_user_remove.php
mod - manage_proj_ver_delete.php
mod - manage_user_delete.php
mod - manage_user_proj_delete.php
mod - proj_doc_delete.php
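The two commits above describe a pattern rather than show it: the confirmation prompt emits whatever message string it is handed as HTML, so any user-controlled value (a username, a filter name, a custom field name) concatenated into that message must be escaped by the caller first, and the later commit moves the message into a parameterized template fed to sprintf. The following PHP is an added illustration of that before/after pattern, not code from MantisBT: `render_confirmation()` is a hypothetical stand-in for helper_ensure_confirmed() that echoes its argument as raw HTML, the inline template stands in for a lang string, and `escape_html()` is a plain htmlspecialchars() wrapper rather than whatever escaping helper the real fix uses. The attacker-chosen username is constructed for the example.

```php
<?php
// Added example, not MantisBT code. Only the escaping pattern is the point.
declare(strict_types=1);

/**
 * Hypothetical stand-in for helper_ensure_confirmed(): the message is
 * written into the page as raw HTML, so it trusts its caller completely.
 */
function render_confirmation(string $p_message): string {
    return '<div class="confirm">' . $p_message
        . '<form method="post"><button>OK</button></form></div>';
}

/** Escape a user-controlled value for interpolation into HTML text or an attribute. */
function escape_html(string $p_value): string {
    // ENT_QUOTES also escapes single quotes, so the value is safe inside attributes too.
    return htmlspecialchars($p_value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Before the fix: user-controlled name concatenated straight into the prompt. */
function confirm_user_delete_vulnerable(string $p_username): string {
    return render_confirmation(
        'Are you sure you want to delete account ' . $p_username . '?'
    );
}

/**
 * After the fix: a parameterized template (stand-in for a lang string) and
 * the argument escaped *before* sprintf, so the template itself is untouched
 * and the value is escaped exactly once.
 */
function confirm_user_delete_fixed(string $p_username): string {
    $t_template = 'Are you sure you want to delete account %1$s?';
    return render_confirmation(sprintf($t_template, escape_html($p_username)));
}

// Constructed attacker-chosen username, as it might be stored via a registration form.
$t_payload = '<script>alert(document.cookie)</script>';

$t_vuln  = confirm_user_delete_vulnerable($t_payload);
$t_fixed = confirm_user_delete_fixed($t_payload);

// The raw <script> tag survives only in the vulnerable output.
assert(strpos($t_vuln, '<script>') !== false);
assert(strpos($t_fixed, '<script>') === false);
assert(strpos($t_fixed, '&lt;script&gt;') !== false);

echo $t_fixed, PHP_EOL;
```

Run with `php -d zend.assertions=1 example.php`; the printed prompt shows the payload rendered as literal text. Two details worth checking in the real call sites: the escape must be applied to the sprintf argument, not to the assembled message (escaping afterwards would mangle any markup the translated template legitimately contains), and the escaping function must cover quotes if any of these values can end up inside an HTML attribute rather than only element text.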
MantisBT: master 4d5023bc 2020-12-30 07:05

Fix typos in language strings

Per @Nikerabbit's feedback in 6c3482d009da931f43276d192bf66799402836bd.
- remove space before `?`
- remove unnecessary `:`
- typo in $s_remove_user_sure_msg

Issue 0027779

Affected Issues: 0027779

mod - lang/strings_english.txt