oss-sec mailing list archives

CVE request: Attachment XSS in mantis < 1.2.2


From: Hanno Böck <hanno () hboeck de>
Date: Tue, 3 Aug 2010 01:15:23 +0200

http://www.mantisbt.org/bugs/view.php?id=11952
http://www.mantisbt.org/blog/?p=113

Issue #11952 covers a security fix to the display of inline attachments, where 
“Arbitrary inline attachment rendering could lead to cross-domain scripting or 
other browser attacks”.

-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting
