View Issue Details

IDProjectCategoryView StatusLast Update
0027853mantisbtsecuritypublic2021-03-07 18:28
Reporteriohex Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Product Version2.25.0 
Target Version2.25.0Fixed in Version2.25.0 
Summary0027853: Printing unsanitized user input in account_prof_edit_page.php
Description

Hi, I found a relfected XSS in the account_prof_edit_page.php-line: 100, the variable $f_redirect_page will be output without the function string_attrribute() protected.
version: 2.24.3
path: account_prof_edit_page.php
sink: line-100 <input type="hidden" name="redirect" value="<?php echo $f_redirect_page ?>" />
source: line-63 $f_redirect_page = gpc_get_string( 'redirect', 'account_prof_menu_page.php' );
fix: string_attribute($f_redirect_page)

TagsNo tags attached.

Relationships

related to 0027260 closeddregad Confusing redirection when editing profiles 

Activities

atrol

atrol

2021-01-08 04:40

developer   ~0064960

Thanks @iohex for the hint.

There is no published version affected, regression was introduced when fixing 0027260

atrol

atrol

2021-01-08 04:50

developer   ~0064961

PR https://github.com/mantisbt/mantisbt/pull/1729

Related Changesets

MantisBT: master e512b3d6

2021-01-07 23:46

atrol


Details Diff
Fix XSS in account_prof_edit_page.php

Fixes 0027853
Affected Issues
0027853
mod - account_prof_edit_page.php Diff File