List: oss-security
Subject: [oss-security] Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerabilit
From: Damien Regad <damien.regad () merckgroup ! com>
Date: 2013-01-21 9:07:59
Message-ID: loom.20130121T094544-91 () post ! gmane ! org

Kurt Seifried <kseifried@...> writes:

> Please use CVE-2013-0197 for this issue.

Hi Kurt,

Thanks for creating the CVE; please take note of a small rectification on the
original issue report:

David Hicks <d <at> hx.id.au> writes:

> Jakub Galczyk discovered[1][2] a cross site scripting (XSS)
> vulnerability in *MantisBT 1.2.12 and earlier versions*

This affects *only MantisBT version 1.2.12* (and the 'master'
development branch after 15-Sep-2012), as earlier versions did not contain the
commit introducing the 'match type' filtering feature [1].

It's also worth mentioning that a better patch for the vulnerability is
available under follow-up issue #15388 [2]

Damien Regad
MantisBT developer

[1] 1.2.x branch: https://github.com/mantisbt/mantisbt/commit/5b491868
    master branch: https://github.com/mantisbt/mantisbt/commit/6c6c3d72
[2] http://www.mantisbt.org/bugs/view.php?id=15388